Menu
​Cyber attackers posing as insiders represents “greatest security risk”

​Cyber attackers posing as insiders represents “greatest security risk”

“It is no longer acceptable for organisations to presume they can keep attackers off their network."

Cyber attacks that exploit privileged and administrative accounts - the credentials used to manage and run an organisation’s IT infrastructure - represent the greatest enterprise security risks.

According to a new survey released by CyberArk, 61 per cent of respondents cited privileged account takeover as the most difficult stage of a cyber attack to mitigate, up from 44 per cent last year.

In addition, 48 per cent believe that data breaches are caused by poor employee security habits, while 29 percent blame attacker sophistication.

“It is no longer acceptable for organisations to presume they can keep attackers off their network,” says John Worrall, CMO, CyberArk.

“The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems.

“This puts an organisation at the mercy of an attacker’s motivation - be it financial, espionage or causing harm to the business.

“The survey points to increasing awareness of the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organisations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.”

The findings are part of CyberArk’s 9th Annual Global Advanced Threat Landscape Survey, developed through interviews with 673 IT security and C-level executives.

CyberArk - who are represented in New Zealand by Connector Systems - analysed potential discrepancies between damaging cyber security threats and organisations’ confidence in being able to defend themselves.

While there is increasing awareness about the connection between privileged account takeover as a primary attack vector and recent, high profile breaches, many organisations are still focusing on perimeter defences.

With more than half of respondents believing they could detect an attack within days, CyberArk warns that many IT and business leaders may not have a full picture of their IT security programs.

Looking beyond the tip of the iceberg with perimeter defences and phishing attacks - organisations must be able to protect against more devastating compromises happening inside the network, like Pass-the-Hash and Kerberos ‘Golden Ticket’ attacks.

Respondents were asked which stage of an attack is the most difficult to mitigate:

  • 61 per cent cited privileged account takeover; versus 44 percent in 2014
  • 21 per cent cited malware installation
  • 12 per cent cited the reconnaissance phase by the attackers

Respondents were asked what attack vectors represented the greatest security concern:

  • 38 per cent cited stolen privileged or administrative accounts
  • 27 per cent cited phishing attacks
  • 23 per cent cited malware on the network

CyberArk’s survey highlights that while respondents display public confidence in their CEOs’ and directors’ security strategies, the tactics being employed by organisations can contradict security best practices.

Despite industry research showing that it typically takes organisations an average of 200 days to discover attackers on their networks, a majority of respondents believe they can detect attackers within days or hours.

Respondents also persist in believing that they can keep attackers off the network entirely - despite repeated evidence to the contrary.

So much so that 55 percent believe they can detect a breach within a matter of days while 25 per cent believe they can detect a breach within hours.

In addition, 44 percent still believe that they can keep attackers off of a targeted network, with 48 per cent believing poor employee security habits are to blame for data breaches.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityConnector SystemsCyberArk

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments