Bad Security Habits Persist, Despite Rising Awareness: 2016 CyberArk Study
The common barrage of cyber attacks and breaches in the news has given the world a much-needed boost in awareness around the risks and best practices related to cybersecurity. However, an annual study commissioned by CyberArk uncovered that despite this increase in awareness, bad security habits still persist. Here are some highlights from the study and what we should learn from them.
There is a Wide Gap Between “Awareness” and “Preparedness”
Out of the 740 global IT and IT Security decision-makers surveyed in the annual study, 79% stated their organization has learned lessons from major cyber attacks and 82% of professionals believe the security industry, in general, is making progress against cyber attacks. The number of professionals that believe their company’s leadership provides sound cybersecurity direction is now up to 67% from last year’s findings of 57%.
The study found that the increased awareness is not leading to an equal increase in security. Organizations are often undermining their own efforts by failing to enforce now well-known security best practices. For example, nearly every organization surveyed (95%) has a cybersecurity emergency response plan of some kind, but only 45% communicate and regularly test their plan. Possibly most concerning, 40% of organizations still store privileged passwords in a Microsoft Word document or spreadsheet, while another 28% are using a shared server or flash drive.
Risks from Overconfidence
75% of IT decision-makers now believe they can prevent attackers from breaching their internal network, which is up from just 44% last year. Despite that confidence, 36% believe an attacker is currently on their network or has been in the last 12 months while 46% believe their organization has been the victim of a ransomware attack in the last two years.
In the most recent Data Breach Investigations Report from Verizon, the top 10 known vulnerabilities accounted for 85% of successful exploits studied. Organizations are increasingly investing in cybersecurity technology, but too often they do not follow through with best practices to mitigate known risks. Also, executives must continue to focus on making cybersecurity best practices a part of organizational culture, rather than just a project or compliance checkbox.
As organizations continue to rely more on resources in the cloud, IT professionals are also increasingly concerned about the security of their customers' information in the cloud. 60% of customers who use the cloud store customer data in it, but 57% who store information in the cloud are not completely confident in their cloud provider's ability to protect their data.
The most catastrophic potential threat is considered to be an attack on financial systems that could cause disruption to global markets. A very close second is a concern for attacks causing massive utility damage, and then those affecting civil services such as healthcare and hospital services.
The study also asked which specific tactics IT professionals are most concerned about for the next 12 months. In order of highest concern first, they are: distributed denial-of-service (DDoS) attacks, phishing, ransomware, privileged account exploitation, and perimeter breaches.
Does your organization share any of these concerns? Discuss leading solutions like the ones from CyberArk with innovative CyberSheath security professionals.