Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study

By Eric Noonan • October 18, 2016

The common barrage of cyber attacks and breaches in the news has given the world a much-needed boost in awareness around the risks and best practices related to cybersecurity. However, an annual study commissioned by CyberArk uncovered that despite this increase in awareness, bad security habits still persist. Here are some highlights from the study and what we should learn from them.

There is a Wide Gap Between “Awareness” and “Preparedness”

Out of the 740 global IT and IT Security decision-makers surveyed in the annual study, 79% stated their organization has learned lessons from major cyber attacks and 82% of professionals believe the security industry, in general, is making progress against cyber attacks. The number of professionals that believe their company’s leadership provides sound cybersecurity direction is now up to 67% from last year’s findings of 57%.

The study uncovered the increased awareness is not leading to equally increased security. Organizations are often undermining their own efforts by failing to enforce now well-known security best practices. For example, nearly every organization surveyed (95%) has a cybersecurity emergency response plan of some kind, but only 45% communicate and regularly test their plan. Possibly most concerning, 40% of organizations still store privileged passwords in a Microsoft Word document or spreadsheet, while another 28% are using a shared server or flash drive.

Risks from Overconfidence

75% of IT decision-makers now believe they can prevent attackers from breaching their internal network, which is up from just 44% last year. Despite that confidence, 36% believe an attacker is currently on their network or has been in the last 12 months while 46% believe their organization has been the victim of a ransomware attack in the last two years.

In the most recent Data Breach Investigations Report from Verizon, the top 10 known vulnerabilities accounted for 85% of successful exploits studied. Organizations are increasingly investing in cybersecurity technology, but too often they do not follow through with best practices to mitigate known risks. Also, executives must continue to focus on making cybersecurity best practices a part of organizational culture, rather than just a project or compliance checkbox.

Future Challenges

As organizations continue to rely more on resources in the cloud, there is also continued growing concern by IT professionals for the security of their customer’s information in the cloud. 60% of customers who use the cloud store customer data in it, but 57% who store information in the cloud are not completely confident in their cloud provider’s ability to protect their data.

The most catastrophic potential threat is considered to be an attack on financial systems that could cause disruption to global markets. A very close second is a concern for attacks causing massive utility damage, and then those affecting civil services such as healthcare and hospital services.

The study also asked for the specific tactics that IT professionals are most concerned about for the next 12 months. In order of highest concern first, they are: Distributed denial of service attacks (DDos), phishing, ransomware, privileged account exploitation, and perimeter breaches.

Does your organization share any of these concerns? Discuss leading solutions like the ones from CyberArk with innovative CyberSheath security professionals. Schedule a free consultation below.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO