|By Business Wire||
|July 28, 2014 09:00 AM EDT||
Sixty eight percent of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most impactful in terms of changing security strategies to protect against the latest threats. The findings are part of CyberArk’s 8th Annual Global Advanced Threat Landscape survey – developed through interviews with 373 C-level and IT security executives across North America, Europe and the Asia-Pacific. The full survey can be downloaded for free here.
The majority of organizations surveyed believe that attacks reaching the privileged account takeover stage are the most difficult to detect, respond to and remediate. While the NSA breach is widely regarded as the prototypical insider-based attack, and the retail/PoS breaches are regarded similarly for outside attacks, the critical link between both attacks was the compromise and exploitation of privileged credentials.
Key findings of the 2014 survey include:
Snowden and Retail/PoS Breaches Influence Security Strategies the Most
When asked which cyber-attacks or data breaches in the past year had
the biggest impact on their business’ security strategy:
- 37 percent of respondents cited the NSA/Edward Snowden breach
- 31 percent of respondents cited the retail/PoS attacks
- 19 percent of respondents cited government-sponsored espionage
Third-Party Privileged Access Emerges as Critical Security Vulnerability
As companies move to the cloud and streamline the supply chain by
providing routine network access to third-parties, cyber-attackers are
increasingly targeting these partners to steal and exploit their
privileged access to the target company’s network. This pathway was
used in some of the most devastating breaches in the last 12 months.
The survey found:
- 60 percent of businesses now allow third-party vendors remote access to their internal networks
- Of this group, 58 percent of organizations have no confidence that third-party vendors are securing and monitoring privileged access to their network
Attackers are on the Inside – Protect Your Privileges
Organizations continue to face sophisticated and determined attackers
seeking to infiltrate networks. Many organizations face daily
perimeter-oriented attacks, such as phishing, designed to give
attackers a foothold to steal the privileged credentials of an
employee to give them defacto insider status. The survey found:
- 52 percent of respondents believe that a cyber-attacker is currently on their network, or has been in the past year
- 44 percent believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate; 29 percent believe it is the malware implantation stage
Other Findings of Note
Survey respondents stated that the following trends were the most
impactful in terms of shaping and changing security strategies:
- 30 percent stated Bring Your Own Device (BYOD)
- 26 percent stated cloud computing
- 21 percent stated regulatory compliance
- 16 percent stated the Internet of Things (IoT)
When asked whether their organization had or was considering deploying
security analytics, this year’s survey found that:
- 31 percent of businesses have already deployed security analytics in some form
- 23 percent were planning on deploying security analytics in the next 12 months
- 33 percent had no plans to leverage security analytics
“Loss of IP and competitive advantage, diminishing brand value, loss of customers and negative shareholder impact are just a few of the business impacts many organizations felt as a result of cyber-attacks this year,” said Adam Bosnian, executive vice president, CyberArk. “This year’s survey results demonstrate that whether it’s an insider like Edward Snowden, or an outside-based attack like the retail/PoS breaches, attackers require the exploitation of insider credentials to successfully execute their attacks.”
Full Research Brief:
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 35 percent of the Fortune 100 and 17 of the world’s top 20 banks – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.
Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...
Feb. 22, 2017 03:15 AM EST Reads: 5,434
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Feb. 22, 2017 03:00 AM EST Reads: 1,981
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
Feb. 22, 2017 02:45 AM EST Reads: 1,960
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Feb. 22, 2017 02:00 AM EST Reads: 12,935
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 22, 2017 01:45 AM EST Reads: 6,001
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and micro services. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your contain...
Feb. 22, 2017 01:30 AM EST Reads: 3,483
Feb. 22, 2017 01:30 AM EST Reads: 4,083
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 22, 2017 01:15 AM EST Reads: 5,489
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
Feb. 22, 2017 12:30 AM EST Reads: 5,288
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
Feb. 22, 2017 12:30 AM EST Reads: 1,608
"Operations is sort of the maturation of cloud utilization and the move to the cloud," explained Steve Anderson, Product Manager for BMC’s Cloud Lifecycle Management, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 21, 2017 10:45 PM EST Reads: 1,797
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackIQ...
Feb. 21, 2017 10:00 PM EST Reads: 8,760
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 21, 2017 09:45 PM EST Reads: 650
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
Feb. 21, 2017 09:30 PM EST Reads: 693
"We got started as search consultants. On the services side of the business we have help organizations save time and save money when they hit issues that everyone more or less hits when their data grows," noted Otis Gospodnetić, Founder of Sematext, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Feb. 21, 2017 09:15 PM EST Reads: 5,649