Enterprises are learning from cyber attacks but bad habits persist

A majority of enterprises (79 percent) say they have taken action to improve their security in response to major cyber attacks. However, 40 percent of organizations still store privileged and admin passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick.

This is among the findings of the 10th annual Global Advanced Threat Landscape Survey from cyber security company CyberArk which looks at whether organizations are learning lessons from cyber attacks.

The results also raise concerns about overconfidence. Three out of four IT decision makers now believe they can prevent attackers from breaking into their internal network -- up from 44 percent in 2015. Yet despite this, 36 percent believe a cyber attacker is currently on their network, or has been in the last 12 months.

The types of attack that most concern enterprises are DDoS attacks (19 percent), phishing (14 percent), ransomware (13 percent), privileged account exploitation (12 percent) and perimeter breaches (12 percent).

"The findings of this year's Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn't always equate to being secure. Organizations undermine their own efforts by failing to enforce well-known, security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud," says John Worrall, CMO of CyberArk. "There's a fine line between preparedness and overconfidence. The majority of cyber attacks are a result of poor security hygiene -- organizations can't lose sight of the broader security picture whilst trying to secure against the threat du jour".

You can find out more in the full report which is available to download from the CyberArk website.

Photo credit: Imillian / Shutterstock