by Christy Lynch
This week CyberArk revealed the compelling results of our latest research report, the 2013 Privileged Account Security & Compliance Survey. As we detailed on our blog yesterday, the survey results have helped guide us through the answer to a perplexing question: If privileged accounts continue to emerge as the primary target for advanced enterprise attacks, why aren’t organizations doing everything they can to stop them?
The answer, we found, lies in findings such as this one, which points to a gross underestimation of the extent of the “privileged problem”: 86 percent of respondents from large enterprises (5000+ employees) stated they either didn’t know how many accounts they had or that they had no more than 1 per employee. The problem, of course, is that this means that at least 2 out of every 3 privileged accounts in these organizations are either unknown or unmanaged.
Given the obvious ambiguity surrounding privileged accounts, we sat down with our CMO, John Worrall, to get his take on the survey results. To begin, we decided to have John help us take a step back and answer a question that many organizations, after reading the survey results, were probably asking themselves: “What is a privileged account?” Take it away, John:
We also asked John to break the survey down for us a bit further. Here, John highlights some of the pretty compelling risk awareness numbers: Over 25% of survey respondents underestimated the number of privileged accounts that exist throughout their organization by at least a multiple of 80.
John’s definition of privileged accounts, and his clarification about their existence in every server, networked device, application, operating system and any device with a microprocessor, is critically important. As we found in the survey, 37 percent of respondents did NOT believe that each part of their enterprise IT infrastructure was comprised of privileged accounts. For the 63 percent who did believe this to be true—which it is—we salute you. For the others, please read the full report, and let John and the Cyber-Ark team know how we can help rectify this glaring uncertainty before the next advanced cyber attack hits.