Despite facing a diverse and increasingly damaging range of cyber security threats, many businesses fail to react because of inertia and uncertainty.
This is according to a new study by CyberArk. Its Global Advanced Threat Landscape Report 2018 was based on a survey of 1,300 IT security decision makers, DevOps and App Developer professionals and business owners, across seven countries.
According to the report, almost half of IT security professionals rarely change their security strategy substantially even after experiencing a cyber attack. CyberArk also found that a similar proportion reported that their organisation is unable to prevent attackers from breaking into internal networks each time an attempt is made.
Half of those surveyed admitted that their customers’ privacy or personally identifiable information (PII) could be at risk because their data is not secured beyond the legally required basics.
The report revealed that “an overwhelming number” of IT security professionals believe securing an environment starts with protecting privileged accounts. However, they are not acting on this.
A total of 89 per cent reported that IT infrastructure and critical data are not fully protected unless privileged accounts and credentials are secured. But 49 per cent of organisations have no privileged account security strategy for the cloud.
When it comes to red team exercises – when ethical hackers simulate the techniques and behaviours of malicious attackers in order to uncover critical vulnerabilities – very few businesses are carrying these out.
The report found that just eight per cent of security decision-makers say their company conducts these activities. However, 44 per cent of organisations say they recognise or reward employees who help prevent a security breach.