[July 28, 2014] |
|
Global Survey: NSA, Retail Breaches Influenced Corporate Security Strategies the Most
NEWTON, Mass. --(Business Wire)--
Sixty eight percent of businesses stated that the NSA breach by Edward
Snowden and the number of retail/point of sale (PoS) system breaches in
the past year were the most impactful in terms of changing security
strategies to protect against the latest threats. The findings are part
of CyberArk's 8th Annual Global Advanced Threat Landscape
survey - developed through interviews with 373 C-level and IT security
executives across North America, Europe and the Asia-Pacific. The full
survey can be downloaded for free
here.
The majority of organizations surveyed believe that attacks reaching the
privileged account takeover stage are the most difficult to detect,
respond to and remediate. While the NSA breach is widely regarded as the
prototypical insider-based attack, and the retail/PoS breaches are
regarded similarly for outside attacks, the critical link between both
attacks was the compromise and exploitation of privileged credentials.
Key findings of the 2014 survey include:
Snowden and Retail/PoS Breaches Influence Security Strategies the Most
-
When asked which cyber-attacks or data breaches in the past year had
the biggest impact on their business' security strategy:
-
37 percent of respondents cited the NSA/Edward Snowden breach
-
31 percent of respondents cited the retail/PoS attacks
-
19 percent of respondents cited government-sponsored
espionage
Third-Party Privileged Access Emerges as Critical Security
Vulnerability
-
As companies move to the cloud and streamline the supply chain by
providing routine network access to third-parties, cyber-attackers are
increasingly targeting these partners to steal and exploit their
privileged access to the target company's network. This pathway was
used in some of the most devastating breaches in the last 12 months.
The survey found:
-
60 percent of businesses now allow third-party vendors remote
access to their internal networks
-
Of this group, 58 percent of organizaions have no confidence that
third-party vendors are securing and monitoring privileged access
to their network
Attackers are on the Inside - Protect Your Privileges
-
Organizations continue to face sophisticated and determined attackers
seeking to infiltrate networks. Many organizations face daily
perimeter-oriented attacks, such as phishing, designed to give
attackers a foothold to steal the privileged credentials of an
employee to give them defacto insider status. The survey found:
-
52 percent of respondents believe that a cyber-attacker is
currently on their network, or has been in the past year
-
44 percent believe that attacks that reach the privileged account
takeover stage are the most difficult to detect, respond to and
remediate; 29 percent believe it is the malware implantation stage
Other Findings of Note
-
Survey respondents stated that the following trends were the most
impactful in terms of shaping and changing security strategies:
-
30 percent stated Bring Your Own Device (BYOD)
-
26 percent stated cloud computing
-
21 percent stated regulatory compliance
-
16 percent stated the Internet of Things (IoT)
-
When asked whether their organization had or was considering deploying
security analytics, this year's survey found that:
-
31 percent of businesses have already deployed security analytics
in some form
-
23 percent were planning on deploying security analytics in the
next 12 months
-
33 percent had no plans to leverage security analytics
Supporting Quotes "Loss of IP and competitive advantage,
diminishing brand value, loss of customers and negative shareholder
impact are just a few of the business impacts many organizations felt as
a result of cyber-attacks this year," said Adam Bosnian, executive vice
president, CyberArk. "This year's survey results demonstrate that
whether it's an insider like Edward Snowden, or an outside-based attack
like the retail/PoS breaches, attackers require the exploitation of
insider credentials to successfully execute their attacks."
Full Research Brief: http://www.cyberark.com/contact/global-advanced-threat-landscape-survey-2014
About CyberArk CyberArk is the only security company focused
on eliminating the most advanced cyber threats; those that use insider
privileges to attack the heart of the enterprise. Dedicated to stopping
attacks before they stop business, CyberArk proactively secures against
cyber threats before attacks can escalate and do irreparable damage. The
company is trusted by the world's leading companies - including more
than 35 percent of the Fortune 100 and 17 of the world's top 20 banks -
to protect their highest value information assets, infrastructure and
applications. A global company, CyberArk is headquartered in Petach
Tikvah, Israel, with U.S. headquarters located in Newton, MA. The
company also has offices throughout EMEA and Asia-Pacific. To learn more
about CyberArk, visit www.cyberark.com,
read the company blog, http://www.cyberark.com/blog/,
follow on Twitter @CyberArk or Facebook (News - Alert) at https://www.facebook.com/CyberArk.
Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All
other brand names, product names, or trademarks belong to their
respective holders.
[ Back To TMCnet.com's Homepage ]
|