50 percent of organisations did not disclose data breaches to customers

According to a new CyberArk survey, half of organisations (50 percent) did not fully inform customers when their personal data was compromised in a cyber attack. With enforcement of the General Data Protection Regulation (GDPR) anticipated for May 2018, organisations that do not take action to improve transparency associated with breaches will face substantial consequences.

The findings are included in the second installment of the CyberArk Global Advanced Threat Landscape Report 2018. This report, “The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects,” reviews business leaders’ views of IT security and misalignment with IT security leaders that can put organisations, and their customers, at risk.

Additional key findings include:
  • Security concern does not translate into accountability 
    • 46 percent of security respondents say their organisation can’t stop every attempt to break into their internal network
    • 63 percent of business respondents are concerned that their organisation is susceptible to attacks, like phishing, targeting the executive team
    • Despite this high level of concern, 49 percent of business respondents report not having sufficient knowledge about security policies, and 52 percent do not understand their specific role in response to a cyber attack
    • Worryingly, 33 percent of security professionals surveyed also claimed not to have adequate knowledge of – presumably their own – security policies
  • Gaps in security best practices persist
    • 42 percent of line of business respondents say they store passwords in a document on a company PC or laptop
    • 21 percent of line of business respondents still record credentials in paper notebooks or store them in filing cabinets
    • 31 percent of security professionals surveyed still do not use a privileged account security solution to store and manage privileged and/or administrative passwords
  • Trust in security is at the core of commercial relationships
    • Similarly, 44 percent of business respondents say potential partners assess their organisation’s security before doing business with them
    • 51 percent of organisations provide third-party vendors remote access to their networks and, of this group, 23 percent fail to monitor remote vendor activity
                                                    
“Unfortunately, it’s not uncommon for organisations to want to hide the extent of damage caused by cyber attacks. As we’ve seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought,” said David Higgins, Director of Customer Development, EMEA at CyberArk. “This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What’s also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks.”