Story image

'Immature' firms struggling to manage credential compromise

28 Feb 2019

It’s highly likely that a data breach will involve some kind of privileged credential abuse but it’s still one security issue that is being overlooked by many organizations.

That’s according to research from Centrify, which polled 1000 IT decision makers across the United States and United Kingdom. Those decision makers admitted that 74% of breaches involved compromised access to privileged credentials – yet most of them are still extremely immature in their privileged access management (PAM) journey.

That immaturity results in granting employees and other stakeholders too much access and too much privilege to potentially sensitive data and critical infrastructure.

According to the research, 65% of respondents somewhat often share root or privileged access to data and systems; 63% take more than one day to close privileged access to employees who have left their organization; 52% do not use a password vault; and 21% have not implemented multi-factor authentication for privileged administrative access.

Commenting on the findings, Centrify CEO Tim Steinkopf says that Forrester estimated 80% of breaches involve privileged credentials, but now Centrify’s evidence backs that estimate up.

“What’s alarming is that most organizations aren’t taking the most basic steps to reduce their risk of being breached. It’s not surprising that Forrester has found 66% of companies have been breached five or more times."

"It’s well past time to secure privileged access with a Zero Trust approach, and many organizations can significantly harden their security posture with low-hanging fruit like a password vault and multi-factor authentication.”

Despite many modern use cases for privileged credentials, they are still not managed properly.

The research found that 72% of respondents don’t secure containers with privileged access controls; 68% don’t secure network devices (hubs, switches, routers) with privileged access controls;

58% don’t secure big data projects with privileged access controls; and 45% don’t secure cloud workloads with privileged access controls.

“Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices, but is extended to cloud environments, Big Data, DevOps, containers and more,” says Steinkopf.

Centrify says IT practitioners should consider that security controls like privileged access management are fundamental enablers of digital transformation.

Gartner predicted Privileged Access Management to be the second-fastest growing segment for information security and risk management spending worldwide in 2019. Gartner also named privileged access management a top 10 security project for 2019.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
Adura launches new SOC and MSP in Singapore
The new SOC focuses on the needs of businesses to gain insight into their organization’s security posture and increase their ability to react promptly.