CyberArk Global Security Survey: Privileged Account Exploitation the Common Link in Enterprise Assaults
NEWTON, Mass. and LONDON – June 12, 2012 – According to the results of Cyber-Ark® Software’s annual global IT security survey, businesses recognize that the exploitation of privileged account access played a prominent role in most of the world’s most notorious data breaches. The 6th Annual “Global Trust, Security and Passwords Survey” is a result of interviews with 820 IT managers and C-level professionals across North America and EMEA, primarily from enterprise-class companies.
Analysis of the survey highlights that as the enterprise perimeter dissolves and reports of internal and external threats increase, privileged access points have become the primary target for all enterprise attacks. Privileged access points consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors, and more. These accounts act as a gateway to an organization’s most sensitive data, which is accessible across systems, applications and servers. Key findings of the survey include:
- Privileged accounts are increasingly being targeted in enterprise-assaults – regardless of the attack entry point :
- 71 percent of respondents consider insider threats to be the greatest security risk to their organization; 29 percent cite external threats, including targeted cyber-attacks and opportunistic hacks.
- 64 percent of respondents believe that the majority of recent security attacks have involved the exploitation of privileged account access.
- Recent high-profile security attacks, such as the RSA and Global Payments data breaches, have made an impact on security strategies this year:
- When asked if they were rethinking security strategies based on these high profile breaches, more than half said yes (51 percent)
- Respondents were asked to rank their 2012 IT security priorities in order of importance:
- Vulnerability Management (17 percent); Privileged Identity Management (16 percent); Security Information and Event Monitoring (SIEM) (15 percent); Anti-virus/malware (13 percent).
- Despite the growing awareness of the privileged connection in cyber-attacks and the growing insider threat, some businesses are failing to uphold their responsibility for securing customer and similar sensitive information:
- 43 percent of respondents stated that their organizations do not monitor the use of privileged accounts or were unsure of whether they did.
- Of those organizations that monitor privileged access 52 percent of respondents believe they can get around the current controls.
- Current legislative and regulatory efforts to curb data breaches have proven ineffective to date:
- When asked if data breach notification laws are effective in curbing data loss, 72 percent of respondents stated no, while only 28 percent stated yes.
- The perception of the insider threat as the greatest security risk is driven by continued unauthorized access to sensitive information:
- 45 percent of respondents indicated that they have access to information on a system that was not relevant to their role.
- 42 percent of respondents indicated that they or a colleague have used admin passwords to access information that was otherwise confidential; 25 percent of respondents were unsure.
- 55 percent of respondents believe that competitors have received their company’s highly sensitive information or intellectual property.
“Whether it’s a malicious insider looking to steal information, or an external attacker looking to exploit privileged accounts to gain access to the network and sensitive information, it’s clear that privileged access points have emerged as the priority target of enterprise cyber-assaults. This pattern has been demonstrated in some of the most high profile attacks, including Global Payments, Utah, and even with the recent Flame virus,” said Udi Mokady, founder and CEO of Cyber-Ark. “Everything that we’ve known about security is changing – it’s no longer acceptable to simply focus on the perimeter and hope to keep attackers out. Businesses need to start with the assumption that the attackers are already on the inside and focus internal security structures to safeguard the access points to sensitive data. Controlling privileged access points needs to be a priority and should be considered a corporate responsibility.”
Full Research Brief: 2012 Trust, Security & Password Report