60 percent of security pros say their strategy doesn't keep up with the threat landscape
A new survey reveals that 60 percent of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20 percent), treading water (13 percent), or merely running to keep up (27 percent).
The study from privileged access management specialist Delinea also shows that 84 percent of organizations experienced an identity-related security breach in the last 18 months, despite 40 percent of respondents believing they have the right strategy in place.
On a positive note companies are keen to change, particularly when it comes to protecting identities. 90 percent of respondents say their organizations fully recognize the importance of identity security in enabling them to achieve their business goals, and 87 percent say that it is one of the most important security priorities for the next 12 months. However, 75 percent of IT and security professionals also believe that they'll fall short of protecting privileged identities because they won't get the support they need.
"While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks," says Joseph Carson, chief security scientist and advisory CISO at Delinea. "This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them."
The report also highlights that privileged identities include humans, such as domain and local administrators, as well as non-humans, like service accounts, application accounts, code, and other types of machine identities that connect and share privileged information automatically. But only 44 percent of organizations manage and secure machine identities, while the majority leave them exposed and vulnerable to attack.
"Cyber criminals look for the weakest link and overlooking 'non-human' identities -- particularly when these are growing at a faster pace than human users -- greatly increases the risk of privilege-based identity attacks," Carson adds. "When attackers target machine and application identities they can easily hide, moving around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT 'superuser' accounts which, if compromised, could bring the entire business to a halt."
The full report is available from the Delinea site and there's a summary of the findings in the infographic below.
Image credit: alexskopje/depositphotos.com