Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study

By Eric Noonan • October 18, 2016

The steady barrage of cyber attacks and breaches in the news has given the world a much-needed boost in awareness of the risks and best practices related to cybersecurity. However, an annual study commissioned by CyberArk found that, despite this increase in awareness, bad security habits persist. Here are some highlights from the study and what we should learn from them.

There is a Wide Gap Between “Awareness” and “Preparedness”

Of the 740 global IT and IT security decision-makers surveyed in the annual study, 79% stated their organization has learned lessons from major cyber attacks, and 82% believe the security industry, in general, is making progress against cyber attacks. The share of professionals who believe their company’s leadership provides sound cybersecurity direction is now 67%, up from 57% in last year’s findings.

The study found that the increased awareness is not leading to an equal increase in security. Organizations often undermine their own efforts by failing to enforce security best practices that are now well known. For example, nearly every organization surveyed (95%) has a cybersecurity emergency response plan of some kind, but only 45% communicate and regularly test their plan. Possibly most concerning, 40% of organizations still store privileged passwords in a Microsoft Word document or spreadsheet, while another 28% use a shared server or flash drive.

Risks from Overconfidence

75% of IT decision-makers now believe they can prevent attackers from breaching their internal network, up from just 44% last year. Despite that confidence, 36% believe an attacker is currently on their network or has been in the last 12 months, while 46% believe their organization has been the victim of a ransomware attack in the last two years.

In the most recent Data Breach Investigations Report from Verizon, the top 10 known vulnerabilities accounted for 85% of successful exploits studied. Organizations are increasingly investing in cybersecurity technology, but too often they do not follow through with best practices to mitigate known risks. Also, executives must continue to focus on making cybersecurity best practices a part of organizational culture, rather than just a project or compliance checkbox.

Future Challenges

As organizations rely more on resources in the cloud, IT professionals are increasingly concerned about the security of their customers’ information there. 60% of customers who use the cloud store customer data in it, but 57% who store information in the cloud are not completely confident in their cloud provider’s ability to protect their data.

The most catastrophic potential threat is considered to be an attack on financial systems that could cause disruption to global markets. A very close second is a concern for attacks causing massive utility damage, and then those affecting civil services such as healthcare and hospital services.

The study also asked which specific tactics IT professionals are most concerned about for the next 12 months. In order of highest concern first, they are: distributed denial-of-service (DDoS) attacks, phishing, ransomware, privileged account exploitation, and perimeter breaches.

Does your organization share any of these concerns? Discuss leading solutions like the ones from CyberArk with innovative CyberSheath security professionals.
