Shifting attack patterns boost uptake of zero trust
As enterprises move more data to the cloud and grant higher levels of third party access, attackers are increasingly targeting non-traditional user populations that may not be adequately protected.
But a new survey of CISOs from identity specialist CyberArk shows that security teams are shifting to zero trust in response to these changing attack patterns.
The most widely reported group facing increased attacks is end-users with access to sensitive data. A majority of respondents (56 percent) report such users as being increasingly targeted by attackers. Attacks are also on the rise against senior leadership (48 percent), third-party vendors and contractors (39 percent) and DevOps and cloud engineers (33 percent).
Widespread increases in credential theft attempts have been reported for personal data (70 percent) and financial systems and data (66 percent), clear evidence of attackers' interest in gaining 'high-value' access to sensitive systems that is often held by end users rather than administrators.
In response 88 percent of respondents say adopting more of a zero trust approach is 'very important' or 'important.' The top priority in implementing zero trust is controls focusing on identity and access management (IAM), chosen by 45 percent of respondents. Just-in-time access controls are highly valued, with 87 percent of respondents saying reducing standing privileges is an important aspect of zero trust.
Endpoint security remains an operational challenge for 94 percent of respondents, with 46 percent saying that installing and maintaining agents makes endpoint security challenging.
"Reverberations from the SolarWinds attack continue to underscore the need to protect privileged credentials and break the attack chain to organizations' most valuable assets," says Mike O'Malley, senior vice president, Global Marketing, CyberArk. "As new identities multiply across the enterprise, this survey emphasizes the importance of a Zero Trust-based approach to Identity Security. For security leaders seeking to mitigate the risks of spear-phishing, impersonation attacks and other forms of compromise, we believe the peer experiences captured in the CISO View reports will serve as an invaluable tool, no matter where their organization is on the Zero Trust maturity curve."
You can get the full report from the CyberArk site.