Half of Orgs Don't Change Security Strategy, Even After an Attack
Almost half of organizations do not regularly make substantial changes to their security strategy, even after experiencing a cyber-attack.
That’s according to the CyberArk Global Advanced Threat Landscape Report 2018, in which the security vendor surveyed 1300 IT security decision makers to explore the current state of enterprise security practices.
The general theme of the report was that security inertia has infiltrated many organizations, resulting in an inability to repel or contain attacks: 46% of respondents said their company can’t prevent attackers from breaking into internal networks each time it is attempted, whilst 50% admitted their customers’ privacy or personally identifiable information could be at risk because their data is not secured beyond the legally required basics.
What’s more, just 8% of companies perform Red Team exercises to uncover critical vulnerabilities and identify effective responses, whilst more than a quarter are failing to protect privileged accounts.
It’s impacting the cloud too, CyberArk discovered, warning that the automated processes inherent in cloud and DevOps mean privileged accounts, credentials and secrets are being created at a prolific rate, but despite recognizing this security risk, businesses still have a relaxed approach toward cloud security.
Half of those polled said their organization has no privileged account security strategy for the cloud and more than two-thirds said they defer on cloud security to their vendor, whilst 38% stated their cloud provider doesn’t deliver adequate protection.
“When target organizations haven’t moved with the times, cyber-attackers often have an easy time of it and are able to penetrate traditional perimeter defenses without undue effort,” said Rich Turner, vice-president EMEA, CyberArk. “Companies must show greater urgency to change the game, which means treating the risk associated with cybersecurity in the same way as wider business risks such as competition and the economy.
“Understanding how changing service delivery models – like cloud and DevOps – affect the attack surface is a crucial component of cyber-risk. Business leaders have a critical role to play in transforming the risk mindset and building cyber resilience across the enterprise.”
Source: Information Security Magazine