The IT industry is making progress when it comes to securing information and communications systems from cyber attacks, but practices in several critical areas, such as privileged account security, third-party vendor access and cloud platforms are undermining them, according to a new global cyber attack survey commissioned and released by cyber security company CyberArk.
More than 8 in 10 survey respondents said they believe the IT security industry is making progress against cyber attacks, according to the 10th annual CyberArk Global Advanced Threat Landscape Survey 2016. That said, 40% still store privileged and administrative passwords in word processing documents or spreadsheets, leaving them vulnerable, CyberArk highlights in a news release about the cyber attack survey.
Organizations and the IT security industry need to do a better job and take advantage of increased awareness to improve enforcement of IT security best practices, CyberArk says. According to the survey:
- Seventy-nine (79) percent state their organization has learned lessons from major cyber attacks and has taken appropriate action to improve security.
- Sixty-seven (67) percent now believe their CEO/board of directors provide sound cyber security leadership (up from 57 percent in 2015).
- The top actions taken because of this awareness are deployment of malware detection (25 percent), endpoint security (24 percent) and security analytics (16 percent).
- Fifty-five (55) percent of respondents state their organization has changed or evolved processes for managing privileged accounts.
Despite this, 40 percent of organizations still store privileged and admin passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick.
- Nearly half of organizations (49 percent) allow third-party vendors (such as supply chain and IT management firms) remote access to their internal networks.
- While the majority of respondents secure and monitor that access, the public sector has the least third-party vendor access controls in place compared to other industries, with 21 percent not securing and 33 percent not monitoring that activity.
Cyber Attack Survey
Organizations are increasingly taking a post-breach mentality in their approaches to cyber attack prevention and security. While that’s resulting in better post-breach planning, overconfidence may hinder their ability to realize their aims. According to CyberArk:
- Three out of four IT decision makers now believe they can prevent attackers from breaking into their internal network – up from 44 percent in 2015.
- Despite this, 36 percent believe a cyber attacker is currently on their network, or has been in the last 12 months.
- Forty-six (46) percent believe their organization was a victim of a ransomware attack in the past two years.
- Eighty-two (82) percent of respondents believe the security industry in general is making progress against cyber attacks.
Seventeen (17) percent believe the industry is falling further behind.
- Nearly every organization (95 percent) has a cybersecurity emergency response plan.
- This preparedness is undermined by a lack of communication and testing – only 45 percent communicate and regularly test their plan with all IT staff.
- Sixty-eight (68) percent of organizations cite losing customer data as one of their biggest concerns following a cyber attack.
- Sixty (60) percent of those who use the cloud store customer data in it.
- Fifty-seven (57) percent who store information in the cloud are not completely confident in their cloud provider’s ability to protect their data.
- When identifying the most difficult stage of a cyber attack to mitigate, malware installation ranked first (41 percent), followed by privileged account takeover (25 percent).
Cyber attack survey respondents cited the cyber attack scenarios they believe pose the most immediate and potentially catastrophic threats:
Respondents list the following types of cyber attacks or tactics as the top-ranked concern in the next 12 months: Distributed denial-of-service (DDoS) attacks (19 percent), phishing (14 percent), ransomware (13 percent), privileged account exploitation (12 percent) and perimeter breaches (12 percent).
Attacks on financial systems, including disruption of global markets (58 percent) is the most potentially catastrophic threat perceived by respondents, followed by attacks causing massive utilities damage (55 percent) and those impacting civil services such as healthcare and hospital services (51 percent).
Exploring further, CyberArk’s latest study reveals a varied global picture regarding organizations’ preparedness for greater regulatory oversight and the impact it will have on cyber security programs and accountability.
- While 70 percent of global respondents agree that the threat of legal action and fines influence the level of executive/board involvement in security-related decisions, 22 percent of the respondents do not incorporate compliance fines or legal fees (19 percent) into the cost of a breach.
- Nearly seven in ten (69 percent) respondents state that, in response to a breach or cyber attack, stopping the breach/removing the attackers is among their top priorities, followed by detecting the source of the breach (53 percent).
- Far fewer respondents prioritize notifying the CEO/board (26 percent), entire staff/workforce (25 percent) or customers (18 percent).
Summing up this year’s cyber attack survey findings, CyberArk CMO John Worrall said: “The findings of this year’s Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn’t always equate to being secure.
¨Organizations undermine their own efforts by failing to enforce well-known security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud.
¨There’s a fine line between preparedness and overconfidence. The majority of cyber attacks are a result of poor security hygiene – organizations can’t lose sight of the broader security picture while trying to secure against the threat du jour.”