Survey: Only Half Of Organizations Believe They Can Stop Cyber Attacks
According to a new global survey from CyberArk, 50 percent of organizations believe attackers can infiltrate their networks each time they try. As organizations increase investments in automation and agility, a general lack of awareness about the existence of privileged credentials – across DevOps, robotic process automation (RPA) and in the cloud – is compounding risk.
According to the CyberArk Global Advanced Threat Landscape 2019 Report, less than half of organizations have a privileged access security strategy in place for DevOps, IoT, RPA and other technologies that are foundational to digital initiatives. This creates a perfect opportunity for attackers to exploit legitimate privileged access to move laterally across a network to conduct reconnaissance and progress their mission.
Preventing this lateral movement is a key reason why organizations are mapping security investments against key mitigation points along the cyber kill chain, with 28 percent of total planned security spend in the next two years to focus on stopping privilege escalation and lateral movement.
Proactive investments to reduce risk are critical given what this year’s survey respondents cite as their top threats:
- 78 percent identified hackers in their top three greatest threats to critical assets, followed by organized crime (46 percent), hacktivists (46 percent) and privileged insiders (41 percent).
- 60 percent of respondents cited external attacks, such as phishing, as one of the greatest security risks currently facing their organization, followed by ransomware (59 percent) and Shadow IT (45 percent).
Security Barriers to Digital Transformation and the Privilege Priority
The survey found that while organizations view privileged access security as a core component of an effective cybersecurity program, this understanding has not yet translated to action for protecting foundational digital transformation technologies.
- 84 percent state that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured.
- Despite this, only 49 percent have a privileged access security strategy in place for protecting business-critical applications and cloud infrastructure respectively, with even fewer having a strategy for DevOps (35 percent) or IoT (32 percent).
- Further, only 21 percent understood that privileged accounts, credentials and secrets exist in containers, 24 percent understood that they exist in source code repositories and 30 percent understood that they are present in privileged applications and processes such as RPA.
“Organizations are showing an increased understanding of the importance of mitigation along the cyber kill chain and why preventing credential creep and lateral movement is critical to security,” said Adam Bosnian, executive vice president, global business development, CyberArk. “But this awareness must extend to consistently implementing proactive cybersecurity strategies across all modern infrastructure and applications, specifically reducing privilege-related risk in order to recognize tangible business value from digital transformation initiatives.”
Global Compliance Readiness
According to the survey, a surprising 41 percent of organizations would be willing to pay fines for non-compliance with major regulations, but would not change security policies even after experiencing a successful cyber attack. On the heels of more than $300M in General Data Protection Regulation (GDPR) fines being levied on global organizations for data breaches, this mindset is not sustainable.
The survey also examined the impact of major regulations around the world:
- GDPR: Less than half (46 percent) are completely prepared for breach notification and investigation within the mandated 72 hour period.
- Australia’s Data Breach Notification Law: 62 percent of Australian respondents reported that they were completely prepared to comply with the entirety of the statute, which came into force in February 2019.
- California Consumer Privacy Act (CCPA): Only 37 percent are ready for this legislation to go into effect in 2020; 39 percent are actively working to meet deadline requirements.

Latest Jobs
-
- Security Auditor / 3rd Party Assurance. London. End user
- London
- 60000
-
Security Auditor / 3rd Party Assurance. London. End user The Security Auditor / 3rd Party Assurance role has two key functions. Manage the ongoing assessment of new and existing 3rd party suppliers to ensure they meet the internal policies / controls. (Reassessment etc) Internal Auditing across business to ensure various departemnt / operations are compliant and inline with internal ISMS etc. ISO 27001 internal audit experience, creation of audit reports experinece essential. This is an internal business so broad experience across a multiple technology environment (cloud and on prem) is highly desirable. MUST be able to engage and work with senior stakeholders in an often faced pace environment. ISO27001, NIST, CISSP, CISA Risk assessment experinece needed This is a permanent role.. Blend of technical and consultative approach needed. This role will require someone to travel to London a few days a week once lock down permits and their offices fully reopen. All details kept in confidence. Apply today to find out more.
-
- Security Auditor / 3rd Party Assurance. London. End user
- London
- 60000
-
Security Auditor / 3rd Party Assurance. London. End user The Security Auditor / 3rd Party Assurance role has two key functions. Manage the ongoing assessment of new and existing 3rd party suppliers to ensure they meet the internal policies / controls. (Reassessment etc) Internal Auditing across business to ensure various departemnt / operations are compliant and inline with internal ISMS etc. ISO 27001 internal audit experience, creation of audit reports experinece essential. This is an internal business so broad experience across a multiple technology environment (cloud and on prem) is highly desirable. MUST be able to engage and work with senior stakeholders in an often faced pace environment. ISO27001, NIST, CISSP, CISA Risk assessment experinece needed This is a permanent role.. Blend of technical and consultative approach needed. This role will require someone to travel to London a few days a week once lock down permits and their offices fully reopen. All details kept in confidence. Apply today to find out more.
-
- Head of Penetration Testing, UK based, Flexible location.
- United Kingdom
- Upto £100,000 plus excellent benefits
-
Head of Penetration Testing needed to join a security consultancy that are delivering client facing penetration testing services around Web app and Infrastructure. Looking for someone hands on that is able to manage a highly skilled technical team of testers. 50-60% of the time is expected to be hands on, other duties will include, but not be limited to; leading and managing the day to day running of the team, mentoring, team upskill, recruitment, reporting, escalation, process improvement etc. Flexible location although south east is preferred. Anyone with Check / CREST experience is highly desirable. MUST be able to achieve SC clearance. UK based role. All details kept in confidence.
-
- Technical Security Analyst. Immediate opportunity,
- Newcastle upon Tyne
- 48000
-
Technical Security Analyst. Immediate opportunity, Technical Security Analyst needed to join a specialist security team. This role will require travel into the office in a hybrid model once industry returns back to the working environment. The Security Analyst must be commutable to Newcastle upon Tyne. This is an Immediate opportunity. An essential requirement of the role is to be able to engage with internal stakeholders so a blend off technical hands on analytical and consultative communication skills. The role will include, but not be limited to; managing and handling incidents end to end, log review, incident analysis, escalation, vulnerability assessment, Automation, Malware Analysis, Threat intelligence, etc All details kept in confidence. https://calendly.com/chris-holt/call-with-chris-holt-dcl-search