Survey: Only Half of Organizations Believe They Can Stop Cyber Attacks

Survey: Only Half of Organizations Believe They Can Stop Cyber Attacks
Image Source: Google

CyberArk Report Also Finds Agility and Automation Initiatives May Lead to ‘Credential Creep’ and Increased Privilege-Related Risk

NEWTON, Mass. & PETACH TIKVA, Israel: According to a new global survey from CyberArk (NASDAQ: CYBR), 50 percent of organizations believe attackers can infiltrate their networks each time they try. As organizations increase investments in automation and agility, a general lack of awareness about the existence of privileged credentials – across DevOps, robotic process automation (RPA) and in the cloud – is compounding the risk.

According to the CyberArk Global Advanced Threat Landscape 2019 Report, less than half of organizations have a privileged access security strategy in place for DevOps, IoT, RPA and other technologies that are foundational to digital initiatives. This creates a perfect opportunity for attackers to exploit legitimate privileged access to move laterally across a network to conduct reconnaissance and progress their mission.

Preventing this lateral movement is a key reason why organizations are mapping security investments against key mitigation points along the cyber kill chain, with 28 percent of total planned security spend in the next two years focused on stopping privilege escalation and lateral movement.

Proactive investments to reduce risk are critical given what this year’s survey respondents cite as their top threats:

  • 78 percent identified hackers in their top three greatest threats to critical assets, followed by organized crime (46 percent), hacktivists (46 percent) and privileged insiders (41 percent).
  • 60 percent of respondents cited external attacks, such as phishing, as one of the greatest security risks currently facing their organization, followed by ransomware (59 percent) and Shadow IT (45 percent).

Security Barriers to Digital Transformation and the Privilege Priority 

The survey found that while organizations view privileged access security as a core component of an effective cybersecurity program, this understanding has not yet translated to action for protecting foundational digital transformation technologies.

  • 84 percent state that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials, and secrets are secured.
  • Despite this, only 49 percent have a privileged access security strategy in place for protecting business-critical applications and cloud infrastructure respectively, with even fewer having a strategy for DevOps (35 percent) or IoT (32 percent).
  • Further, only 21 percent understood that privileged accounts, credentials, and secrets exist in containers, 24 percent understood that they exist in source code repositories and 30 percent understood that they are present in privileged applications and processes such as RPA.

“Organizations are showing an increased understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk. “But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”