Today we unveiled findings from our 10th annual Global Advanced Threat Landscape Survey. This year’s report, themed “Cyber Security: Past, Present & Future,” examines whether or not global enterprises have learned and applied lessons from high-profile cyber attacks, and explores factors that influence security priorities and business decision-making.
While the vast majority of respondents (82 percent) believe the IT security industry is making progress against cyber attacks, those gains are undercut by egregious security practices in critical areas such as privileged account security, third-party vendor access and cloud. With that theme in mind, our take on some of the key findings are below. We encourage you to read the full, free report for your own assessment of the findings.
Bad Security Habits Persist, Despite Rising Awareness. Seventy-nine percent of respondents state their organization has learned lessons from major cyber attacks. Yet many fail to enforce best practices or adequately prioritize security initiatives in the right areas to effectively protect against advanced threats—underscoring a wide gap between “awareness” and “preparedness.” For example, more than half of the respondents state they have evolved or changed processes for managing privileged accounts, yet 40 percent of organizations still store privileged and administrative passwords in a Word document or spreadsheet and 28 percent use a shared server or USB stick
The Risks of Overconfidence. Today, three out of four IT decision makers believe they can prevent attackers from breaking into their internal network—up from 44 percent in 2015. However, this [over]confidence is counter to the number of increasingly aggressive and damaging attacks reported. In fact, 46 percent of respondents believe their organization has been the victim of a ransomware attack in the last two years.
Future Risks and Prioritization Challenges. As cyber attacks continue on trusted institutions such as government, utilities and financial systems, when asked about emerging risks, respondents note they are most concerned with distributed denial-of-service (DDoS) attacks, phishing, ransomware, privileged account exploitation and perimeter breaches.
With threats against critical infrastructure, such as the much-publicized power outage in the Ukraine, no longer science fiction, respondents share their opinion on which scenarios present the most immediate and potentially catastrophic cyber security threat in general. The majority (58 percent) feel an attack on financial systems, including disruption of global stock markets, is the most threatening.
The findings of this year’s Global Advanced Threat Landscape Survey of 750 global IT & IT security decision makers demonstrate that cyber security awareness doesn’t always equate to being secure. Too often, organizations undermine their own efforts by failing to enforce well-known security best practices.
The majority of today’s breaches are a result of poor security hygiene. Organizations can’t lose sight of the broader security picture while trying to secure against the threat du jour. This means consistently executing on the fundamentals, from keeping security patches and software versions up-to-date, to implementing and enforcing least privilege access policies and using strong authentication as needed, and listening to auditors and consultants.
To learn more, download the Global Advanced Threat Landscape Survey 2016 at https://www.cyberark.com/resource/2016-global-advanced-threat-landscape-survey/.