The report surveyed 1,000 global organisations and identified that although organisations view privileged access security as a core component of an effective cybersecurity program, this view has not yet translated into action.
This is evidenced by the fact that just 49% of organisations state that they have a privileged access security strategy in place, whilst only 35% have a strategy for DevOps and 32% for IoT. Additionally, only 21% understood that privileged accounts, credentials and secrets exist in containers.
The report explained that the lack of a privileged access security strategy for DevOps, IoT and other technologies creates an opportunity for attackers to exploit legitimate privileged access. Attackers can move laterally across a network and gain information before progressing onto “their mission”.
It is for this reason that organisations are mapping security investments, with 28% of total planned security spend in the next two years focused on stopping privilege escalation and lateral movement.
Amongst the findings, the report further found that 78% of respondents identified hackers as one of their top three greatest threats to critical assets, followed by organised crime (46%), hacktivists (46%) and privileged insiders (41%).
With regard to security risks currently faced by organisations, 60% of respondents cited external attacks, such as phishing, as one of the greatest security risks, whilst 59% stated ransomware and 45% cited Shadow IT.
Adam Bosnian, executive vice president, global business development, CyberArk, commented:
“Organisations are showing increasing understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security.
“But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
Regarding global compliance readiness, a surprising 41% of organisations stated they would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack.
The survey also examined the impact of major regulations around the world, and found that only 37% of organisations are ready for the CCPA to go into effect in 2020.
Article originally published on PrivSec:Report