Welcome!

News Feed Item

Global Survey: NSA, Retail Breaches Influenced Corporate Security Strategies the Most

Sixty eight percent of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most impactful in terms of changing security strategies to protect against the latest threats. The findings are part of CyberArk’s 8th Annual Global Advanced Threat Landscape survey – developed through interviews with 373 C-level and IT security executives across North America, Europe and the Asia-Pacific. The full survey can be downloaded for free here.

The majority of organizations surveyed believe that attacks reaching the privileged account takeover stage are the most difficult to detect, respond to and remediate. While the NSA breach is widely regarded as the prototypical insider-based attack, and the retail/PoS breaches are regarded similarly for outside attacks, the critical link between both attacks was the compromise and exploitation of privileged credentials.

Key findings of the 2014 survey include:

Snowden and Retail/PoS Breaches Influence Security Strategies the Most

  • When asked which cyber-attacks or data breaches in the past year had the biggest impact on their business’ security strategy:
    • 37 percent of respondents cited the NSA/Edward Snowden breach
    • 31 percent of respondents cited the retail/PoS attacks
    • 19 percent of respondents cited government-sponsored espionage

Third-Party Privileged Access Emerges as Critical Security Vulnerability

  • As companies move to the cloud and streamline the supply chain by providing routine network access to third-parties, cyber-attackers are increasingly targeting these partners to steal and exploit their privileged access to the target company’s network. This pathway was used in some of the most devastating breaches in the last 12 months. The survey found:
    • 60 percent of businesses now allow third-party vendors remote access to their internal networks
    • Of this group, 58 percent of organizations have no confidence that third-party vendors are securing and monitoring privileged access to their network

Attackers are on the Inside – Protect Your Privileges

  • Organizations continue to face sophisticated and determined attackers seeking to infiltrate networks. Many organizations face daily perimeter-oriented attacks, such as phishing, designed to give attackers a foothold to steal the privileged credentials of an employee to give them defacto insider status. The survey found:
    • 52 percent of respondents believe that a cyber-attacker is currently on their network, or has been in the past year
    • 44 percent believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate; 29 percent believe it is the malware implantation stage

Other Findings of Note

  • Survey respondents stated that the following trends were the most impactful in terms of shaping and changing security strategies:
    • 30 percent stated Bring Your Own Device (BYOD)
    • 26 percent stated cloud computing
    • 21 percent stated regulatory compliance
    • 16 percent stated the Internet of Things (IoT)
  • When asked whether their organization had or was considering deploying security analytics, this year’s survey found that:
    • 31 percent of businesses have already deployed security analytics in some form
    • 23 percent were planning on deploying security analytics in the next 12 months
    • 33 percent had no plans to leverage security analytics

Supporting Quotes
“Loss of IP and competitive advantage, diminishing brand value, loss of customers and negative shareholder impact are just a few of the business impacts many organizations felt as a result of cyber-attacks this year,” said Adam Bosnian, executive vice president, CyberArk. “This year’s survey results demonstrate that whether it’s an insider like Edward Snowden, or an outside-based attack like the retail/PoS breaches, attackers require the exploitation of insider credentials to successfully execute their attacks.”

Full Research Brief:
http://www.cyberark.com/contact/global-advanced-threat-landscape-survey-2014

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 35 percent of the Fortune 100 and 17 of the world’s top 20 banks – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
This talk centers around how to automate best practices in a multi-/hybrid-cloud world based on our work with customers like GE, Discovery Communications and Fannie Mae. Today’s enterprises are reaping the benefits of cloud computing, but also discovering many risks and challenges. In the age of DevOps and the decentralization of IT, it’s easy to over-provision resources, forget that instances are running, or unintentionally expose vulnerabilities.
Everywhere we turn in our industry we can find strong opinions about the direction, type and nature of cloud’s impact on computing and business. Another word that is used in every context in our industry is “hybrid.” In his session at 20th Cloud Expo, Alvaro Gonzalez, Director of Technical, Partner and Field Marketing at Peak 10, will use a combination of a few conceptual props and some research recently commissioned by Peak 10 to offer a real-world consideration of how the various categories of...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, will motivate why realizing the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insigh...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom seeking worm. This talk, designed for C-level attendees, demonstrates a Live Hack of a virtual environment to show the ease in which any average user can leverage these tools and infiltrate their network environment. This session will include an overview of the Shadbrokers NSA leak situation.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
As enterprise cloud becomes the norm, businesses and government programs must address compounded regulatory compliance related to data privacy and information protection. The most recent, Controlled Unclassified Information and the EU’s GDPR have board level implications and companies still struggle with demonstrating due diligence. Developers and DevOps leaders, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by in...
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that EARP Integration will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. EARP Integration is a passionate software house. Since its inception in 2009 the company successfully delivers smart solutions for cities and factories that start their digital transformation. EARP provides bespoke solutions like, for example, advanced enterprise portals, business intelligence systems an...
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.