If enterprises ever were given wake-up call, it should be this: stealing and exploiting privileged accounts is a critical success factor for attackers in 100% of all advanced attacks, regardless of attack origin.
As companies move to the cloud and streamline the supply chain by providing routine network access to third-parties, cyber-attackers are increasingly targeting these partners to steal and exploit their privileged access to the target company’s network. And awareness is growing: According to CyberArk’s 2014 Global Advanced Threat Landscape survey, 68% of businesses said that the NSA breach by Edward Snowden, and the number of retail and point-of-sale (PoS) system breaches in the past year, have been the most impactful developments in terms of changing security strategies to protect against the latest threats. Neither Snowden’s data compromise nor the grand-daddy of retail events, the Target breach, could have been successfully executed without the compromise and exploitation of privileged credentials.
That said, 60% of businesses now allow third-party vendors remote access to their internal networks; and of this group, 58% of organizations have no confidence that third-party vendors are securing and monitoring their privileged access to their network.
On top of that vulnerability, many organizations face daily perimeter-oriented attacks, such as phishing designed to give attackers a foothold to steal the privileged credentials of an employee that give them de facto insider status. The survey found 52% of respondents believe that a cyber-attacker is currently on their network, or has been in the past year; and 29% believe attackers are in the malware implantation stage.
“Advanced attacks follow a common, multi-stage approach to breaching defenses, gathering and exfiltration critical data,” said John Worrall, CMO at CyberArk, in a statement. “It’s clear that privileged access is required to gain access to target systems and move laterally from system to system. The faster the industry takes notice of the privileged connection to these attacks, the more quickly better defenses can be mounted.”
Despite the critical nature of privileged account security in stopping attacks, 42% of businesses still allow for the sharing of administrative credentials, while 56% take more than 60 days to change privileged passwords.
In addition, visibility is a problem: 44% believe attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate. Many companies are starting now to shift their security postures to be more holistic.
“Companies of all sizes today face an unprecedented number of cyber-attacks from organized, patient and well-funded groups,” said Eric Noonan, CEO at CyberSheath. “We’re starting to see CISO’s shift from band aid point-solution purchases to integrated technologies built on intelligence-gathering features to combat advanced threats.”