Poll finds poor cybersecurity habits persist worldwide

Israel’s CyberArk says threat awareness is up among IT professionals, but that doesn’t mean better defensive practices

Cyber-attack (Shutterstock)

Israel’s second-largest public security company, CyberArk, said a survey it published recently showed that heightened awareness of cybersecurity threats among information technology professionals has failed to translate into greater success in defending against those threats.

“Despite increased cybersecurity awareness, nearly every IT security breach or cyberattack continues to be underpinned by the failure of organizations to enforce best practices or adequately protect against advanced threats,” CyberArk’s Global Advanced Threat Landscape Survey 2016 said.

Today, as never before, global enterprises are vulnerable to hackers around the world. Last week, Yahoo announced that at least 500 million of its accounts were hacked in 2014, in the world’s biggest known cyberattack by far.

CyberArk’s report — the result of surveys conducted with 750 IT and IT security decision makers from around the world — shows rising confidence in cybersecurity strategies and, at the same time, poor IT security habits that continue across the industry in critical areas such as privileged account security, third-party vendor access and cloud.

According to the report, 79% of respondents said their organization has taken appropriate action to improve security, while 55% of respondents said they have changed or evolved processes for managing privileged accounts. Yet these changes do not always go hand in hand with best practices.

For example, 40% of interviewees store privileged and/or administrative passwords in Word documents or spreadsheets on a company computer, making this information easy for a hacker to discover.

The report also notes that nearly half of the organizations commonly allow third-party vendors (such as supply chain and IT management firms) remote access to their internal networks, making them an additional pathway for cyberattack.

With the threat landscape constantly shifting, it’s hard to determine which types of cyberattack will be the most dangerous in the coming months. This has led many organizations to adopt a “post-breach” mindset, meaning they operate under the presumption of a breach and have developed response plans.

This attitude leads to positive steps in defensive post-breach planning, but it also reveals a risk of overconfidence – or maybe complacency – and may hamper the ability to efficiently respond when facing a sudden cyberattack.

“Many global organizations are taking positive steps toward better protecting against the damaging effects of a cyberattack, including implementing measurable security programs to benchmark progress. However, there is still a gap between ‘awareness’ and ‘preparedness’ in protecting against attacks,” the report said.
