Cyber-Ark 2012 Trust, Security and Passwords Survey

Cyber-Arks annual global IT Security Survey was released in June 2012. Here are some key conclusions:

Privileged accounts are increasingly being targeted in enterprise assaults – regardless of the attack entry point :

• 71 percent of respondents consider insider threats to be the greatest security risk to their organisation.
• 29 percent cite external threats, including targeted cyber-attacks and opportunistic hacks.
• 64 percent of respondents believe that the majority of recent security attacks have involved the exploitation of privileged account access.

Recent high-profile security attacks, such as the RSA and Global Payments data breaches, have made an impact on security strategies this year:

When asked if they were rethinking security strategies based on these high profile breaches, more than half said yes (51 percent).

Respondents were asked to rank their 2012 IT security priorities in order of importance:

• Vulnerability Management (17 percent)
• Privileged Identity Management (16 percent)
• Security Information and Event Monitoring (SIEM) (15 percent)
• Anti-Virus/Malware (13 percent).

Despite growing awareness of the privileged connection in cyber-attacks and the increasing insider threat, some businesses are failing to uphold their responsibility for securing customer and similar sensitive information:

• 43 percent of respondents stated that their organizations do not monitor the use of privileged accounts or were unsure of whether they did.
• Of those organizations that monitor privileged access, 52 percent of respondents believe they can get around the current controls.

Current legislative and regulatory efforts to curb data breaches have proven ineffective to date:

When asked if data breach notification laws are effective in curbing data loss, 72 percent of respondents stated no, while only 28 percent stated yes.

The perception of the insider threat as the greatest security risk is driven by continued unauthorized access to sensitive information:

• 45 percent of respondents indicated that they have access to information on a system that is not relevant to their role.
• 42 percent of respondents indicated that they or a colleague have used admin passwords to access information that was otherwise confidential.
• 55 percent of respondents believe that competitors have received their company’s highly sensitive information or intellectual property.

See the full survey here (pdf)