Cybercriminals are continuing to target low-hanging fruit; according to a new study from Centrify, the security and identify firm, while 74% of data breaches involved privileged credential abuse, identity and access management resources are severely lacking among enterprises.
The survey of 1,000 IT decision makers, 500 from the U.K. and 500 from the U.S., found that 52% of respondents do not have a password vault; while 63% indicate their companies usually take more than one day to shut off privileged access for employees who leave the company. Furthermore, 44% of UK IT decision makers didn’t know what privileged access management is.
“What’s alarming is that most organisations aren’t taking the most basic steps to reduce their risk of being breached,” said Tim Steinkopf, CEO of Centrify.
According to the survey, UK respondents are behind their US counterparts when it comes to managing privileged access. This affects their confidence in the ability to secure their organisations, as only 36% of UK respondents are “very confident” in their company’s current IT security software compared to 65% of US respondents.
Woody & Kleiny: Security, privacy and the next-gen workforce
“Centrify believes that reason for this increased prioritisation and spending on PAM is the increasingly-modern threatscape that security professionals are facing,” Steinkopf continued. “Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices but is extended to cloud environments, Big Data, DevOps, containers and more.”
The survey also found that respondents are not controlling privileged access to these modern use cases, including:
- 45% are not securing public and private cloud workloads with privileged access controls (53% of UK respondents)
- 58% are not securing Big Data projects with privileged access controls (63% of UK respondents)
- 68% are not securing network devices like hubs, switches and routers with privileged access controls (72% of UK respondents)
- 72% are not securing containers with privileged access controls (73% of UK respondents)
The hidden truth about cyber crime: insider threats