According to the 9th annual ‘Global Advanced Threat Landscape Survey’ conducted by CyberArk, cyber-attacks that exploit privileged and administrative accounts represent the greatest security risks for enterprises.
The survey was developed through interviews with 673 IT security and C-level executives and examined potential conflicts between damaging cyber-security threats and organisations' confidence in their ability to defend themselves.
Privileged account takeover was cited as the most difficult portion of an attack to mitigate by 61 percent of respondents. Twenty-one percent cited malware installation as the most difficult. The reconnaissance phase by attackers was cited as the most difficult by 12 percent.
When asked what attack vectors represented the greatest security concern, 38 percent of respondents cited stolen privileged or administrative accounts. Phishing attacks were recognised by 27 percent of respondents, and 23 percent cited malware on the network as the biggest concern for security.
Fifty-five percent of respondents feel that they can detect a breach in a matter of days while 25 percent believe they can detect a breach in a matter of hours. Forty-four percent believe that they can keep attackers off a targeted network.
Forty-eight percent feel that data breaches are caused by poor employee security habits and 29 percent point fingers at attacker sophistication. Confidence in security strategies introduced by their CEO or board of directors was acknowledged by 57 percent.
The types of attacks that respondents are most concerned about are password hijacking (72 percent), phishing attacks (70 percent), SSH key hijacking (41 percent) and Pass-the-Hash attacks (36 percent).
“It is no longer acceptable for organisations to presume they can keep attackers off their network,” said John Worrall, CMO, CyberArk. “The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems. The survey points to increasing awareness of the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organisations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.”