Yesterday’s release of the CyberArk advanced threat survey marks the eighth year in a row we’ve surveyed business and IT leaders to better understand what cyber security issues are top of mind for practitioners around the world. The 2014 survey can be downloaded here, although if you want a quick read, here are the highlights:
Snowden and Retail/PoS Breaches Influence Security Strategies the Most
We asked the respondents to select which cyber-attacks had the biggest impact on their business’ security strategy. Not surprisingly, 68 percent of respondents said the NSA and the PoS attacks at several high-profile retailers were the top two on the list.
While the NSA breach is widely regarded as the prototypical insider-based attack, and the retail/PoS breaches are regarded similarly for outside attacks, the critical link between both attacks was the compromise and exploitation of privileged credentials.
Third-Party Privileged Access Emerges as Critical Security Vulnerability
Companies continue to provide routine network access to make it easier for partners, vendors and other trusted third parties to provide services. While this certainly streamlines the supply chain, the bad guys are using this route to go after these partners to steal and exploit their privileged access to the target company’s network.
And what do businesses say about this? They have little confidence that their third-party vendors are properly locking down and securing privileged access to their networks.
Attackers are on the Inside – Protect Your Privileges
Last year we found that 52 percent of companies thought that their network had either been breached in the last 12 months, or that an attacker was currently on their network. We asked the same question again this year to see if things got better, but it turns out the issue is in the same place – 52 percent said yes again this year. (Maybe the other 48 percent just won’t admit it …)
The reality is, no matter how tight your security is, motivated attackers will find a way onto your network. Once they’re on the network, things can get ugly. As you can see from the chart below, the majority of organizations surveyed believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and stop. Once an attacker gains de facto insider status, a breach is incredibly hard to stop without the right tools in place.
The overall takeaway from this year’s survey? Whether attacks start with a malicious insider, or a rogue outside group/person, stealing and exploiting valid privileged credentials is critical to the success of the attacks. If your organization wants to gain an edge in stopping advanced attacks – start by locking down the privileged pathway all attackers take.