CyberArk has outlined its security predictions for 2015, with the industry expert claiming the recent cyber attacks on Sony is in fact the norm, and not an anomaly.
"In terms that Sony is being called out for in terms of poor security are very common across enterprises," the CyberArk report claims.
"The prevalence of poor password policies is mind boggling – CyberArk sees this all the time when we meet with prospective customers at large Global 2000 enterprises."
According to CyberArk, distributed in New Zealand by Connector Systems, the company regularly encounters unknown/undiscovered service accounts, through privileged passwords that have not been changed in as many as 25 years.
Below are the company's top security predictions for 2015:
Reign of the insider threat
The insider threat is expected to take centre stage, with greater sophistication, in the security landscape in 2015 as they have proven to be the quickest way to breach networks and steal data.
"Rogue employees today not alone collaborate with external cybercriminals and are armed with sophisticated technologies," CyberArk states.
"Organisations will start to be more aware that insider threats cost more than being breached by an external attacker, and continue to invest more in behaviour indicators and classifying data and monitoring access."
The Kevin Bacon effect of Remote Access
The ‘six degrees’ that separate attackers from your IP / data often include a vendor with access to your systems or other remote access.
Threat investigators have traced attacks to non-traditional targets such trucking companies and all types of professional services firms, from management consultants and auditors to litigation attorneys, frequently as a key step in an attack on a business partner.
"Our research shows 60 per cent of businesses now allow third-party vendors remote access to their internal networks," CyberArk explains.
"Of this group, 58 per cent of organisations have no confidence that third-party vendors are securing and monitoring privileged access to their network."