Despite facing a diverse and increasingly damaging range of cyber security threats, many businesses do not react due to inertia and uncertainty.
This is according to a new study by CyberArk. Its Global Advanced Threat Landscape Report 2018 was based on a survey of 1,300 IT security decision makers, DevOps and App Developer professionals and business owners, across seven countries.
According to the report, almost half of IT security professionals rarely change their security strategy substantially even after experiencing a cyber attack. CyberArk also found that a similar proportion reported that their organisation is unable to prevent attackers breaking into internal networks each time it is attempted.
Half of those surveyed admitted that their customers’ privacy or personally identifiable information (PII) could be at risk because their data is not secured beyond the legally required basics.
The report revealed that “an overwhelming number” of IT security professionals believe securing an environment starts with protecting privileged accounts. However, they are not acting on this.
A total of 89 per cent reported that IT infrastructure and critical data are not fully protected unless privileged accounts and credentials are secured. But 49 per cent of organisations have no privileged account security strategy for the cloud.
When it comes to red team exercises – when ethical hackers simulate the techniques and behaviours of malicious attackers in order to uncover critical vulnerabilities – very few businesses are carrying these out.
The report found that just eight per cent of security decision-makers say their company conducts these activities. However, 44 per cent of organisations say they recognise or reward employees who help prevent a security breach.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.