Cyber attacks pose a greater risk than physical attacks, said 80 percent of C-level executives and IT security professionals, while 51 percent believe a cyber attacker is currently in their corporate network, or have been in the past year, a new survey said.
Continued reports of nation-based attacks on global critical infrastructure and businesses, combined with high-profile data breaches such as the NSA leak, have made the industry acutely aware of the threat that today’s cyber attackers pose, according to the findings in a Cyber-Ark survey, developed through interviews with 989 IT and C-level executives across North America, Europe, and Asia Pacific.
Despite this awareness, businesses still have quite an amount of work to do to secure the enterprise from advanced attacks. Cyber attackers are continuing to breach perimeter security at an accelerated rate. As a result, businesses need to assume the attackers are already inside their network and focus on securing the access points to the critical data and assets that the attackers covet, according to the security software provider’s survey.
Advanced attacks represent grave threats to national security, business and the economy:
• 80 percent of respondents believe that cyber attacks pose a greater threat to their nation than physical attacks.
• 61 percent of respondents believe that government and legislative action can help protect critical infrastructure against advanced threats. This number was the lowest in the U.S., where only 57 percent believe legislation will be an effective tool, as opposed to 64 percent of respondents in Europe and 61 percent in APAC.
The perceived failure of perimeter security – attackers already inside:
• Perimeter-oriented tactical aggressions, such as phishing attempts almost always precipitate advanced attacks. The increasing ease with which attackers are breaching the enterprise perimeter is eroding confidence in perimeter security.
• 57 percent of respondents believe their company puts too much faith in perimeter security.
• 51 percent of respondents believe a cyber attacker is currently on their network – or has been in the past year.
Privileged accounts as an advanced threat vulnerability:
• Privileged accounts have emerged as the primary target for advanced enterprise attacks. Privileged accounts consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors, and more.
• 64 percent of respondents indicate they are now managing privileged accounts as an advanced threat security vulnerability.
• Despite this growing awareness, 39 percent of respondents either don’t know how to identify where privileged accounts exist or are doing so manually.
Companies lose control of privileges in the cloud:
• 56 percent of respondents do not know what their cloud service providers are doing to protect and monitor privileged accounts.
• 25 percent of respondents felt they were better equipped to protect their confidential information than their cloud provider – and yet they still entrust the third party with their data.