Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study

By Eric Noonan • October 18, 2016

The common barrage of cyber attacks and breaches in the news has given the world a much-needed boost in awareness around the risks and best practices related to cybersecurity. However, an annual study commissioned by CyberArk uncovered that despite this increase in awareness, bad security habits still persist. Here are some highlights from the study and what we should learn from them.

There is a Wide Gap Between “Awareness” and “Preparedness”

Out of the 740 global IT and IT Security decision-makers surveyed in the annual study, 79% stated their organization has learned lessons from major cyber attacks and 82% of professionals believe the security industry, in general, is making progress against cyber attacks. The number of professionals that believe their company’s leadership provides sound cybersecurity direction is now up to 67% from last year’s findings of 57%.

The study uncovered the increased awareness is not leading to equally increased security. Organizations are often undermining their own efforts by failing to enforce now well-known security best practices. For example, nearly every organization surveyed (95%) has a cybersecurity emergency response plan of some kind, but only 45% communicate and regularly test their plan. Possibly most concerning, 40% of organizations still store privileged passwords in a Microsoft Word document or spreadsheet, while another 28% are using a shared server or flash drive.

Risks from Overconfidence

75% of IT decision-makers now believe they can prevent attackers from breaching their internal network, which is up from just 44% last year. Despite that confidence, 36% believe an attacker is currently on their network or has been in the last 12 months while 46% believe their organization has been the victim of a ransomware attack in the last two years.

In the most recent Data Breach Investigations Report from Verizon, the top 10 known vulnerabilities accounted for 85% of successful exploits studied. Organizations are increasingly investing in cybersecurity technology, but too often they do not follow through with best practices to mitigate known risks. Also, executives must continue to focus on making cybersecurity best practices a part of organizational culture, rather than just a project or compliance checkbox.

Future Challenges

As organizations continue to rely more on resources in the cloud, there is also continued growing concern by IT professionals for the security of their customer’s information in the cloud. 60% of customers who use the cloud store customer data in it, but 57% who store information in the cloud are not completely confident in their cloud provider’s ability to protect their data.

The most catastrophic potential threat is considered to be an attack on financial systems that could cause disruption to global markets. A very close second is a concern for attacks causing massive utility damage, and then those affecting civil services such as healthcare and hospital services.

The study also asked for the specific tactics that IT professionals are most concerned about for the next 12 months. In order of highest concern first, they are: Distributed denial of service attacks (DDos), phishing, ransomware, privileged account exploitation, and perimeter breaches.

Does your organization share any of these concerns? Discuss leading solutions like the ones from CyberArk with innovative CyberSheath security professionals. Schedule a free consultation below.

Cybersheath Blog

CMMC Compliance Dashboard: Gain New Visibility into Compliance

CMMC is not a compliance framework. It’s a maturity model. That has big implications for how you approach compliance, but also how you keep track of all the elements that make up compliance. And yet, visibility has been one of the most difficult challenges facing DIB contractors. It used to…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

How to Offboard Your Managed Services Provider

For any of a variety of reasons including lack of communication, slow response times, or prolonged downtime, your organization has decided to change your managed service provider (MSP). Whether you have already signed an agreement with a new MSP or you are actively looking for a replacement, now is the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft