More than half (52%) of businesses believe that a cyber-attacker is currently on their network, or has been in the past year, according to the Global Advanced Threat Landscape Survey from CyberArk.
Additionally, more than two thirds (68%) of organizations said the NSA breach (37%) and major retail breaches at Target and Neiman Marcus (31%) impacted their security strategies the most in the past year. While the NSA breach was an inside attack and the retail breaches were from external sources, both events occurred due to the theft and exploitation of “privileged accounts,” which are employee credentials used to gain access to systems.
For the report, which focuses on identifying global cyber-security trends, CyberArk surveyed 373 IT security and C-level executives across North America, Europe and Asia Pacific.
“Loss of IP and competitive advantage, diminishing brand value, loss of customers and negative shareholder impact are just a few of the business impacts many organizations felt as a result of cyber-attacks this year,” said Adam Bosnian, EVP of CyberArk. “This year’s survey results demonstrate that whether it’s an insider like Edward Snowden, or an outside-based attack like the retail/POS breaches, attackers require the exploitation of insider credentials to successfully execute their attacks.”
While security concerns are flooding all industries, including retail, 60% of businesses still allow third-party vendors remote access to their internal networks. More than half (58%) of these respondents said they have no confidence that the third-party vendors were securing and monitoring their privileged access to the network.
To mitigate or even prevent future security breaches, 31% of organizations have already deployed security analytics as part of their internal infrastructure, while 23% plan to do so over the next 12 months. Nearly one third (33%) of organizations said they have no plans to implement security analytics.
With the majority of businesses either deploying or planning to deploy security analytics in the near future, it is not surprising that 87% of organizations believe that detecting and alerting unusual privileged activity would be valuable to their overall security strategy.
Respondents pointed to several technology trends that are impacting their security strategies:
- BYOD (30%);
- Cloud computing (26%);
- Regulatory compliance (21%);
- The Internet of Things (16%); and
- Social media (7%).
Click here to download a complimentary copy of the report.