Attackers are increasingly finding success using compromised privileged credentials to breach organizations, according to a new survey from Centrify.
In a survey of 1,000 IT decision-makers in the US and the UK, 74% of those organizations that have experienced a data breach admitted that the attacker was able to gain access through a privileged account.
The problem is a function of continuing to grant too much trust and privilege, the report said. Among the survey participants, 52% said their organization does not have a password vault and 65% admitted that they often share root or privileged access to systems and data. Nearly two-thirds (63%) of respondents said that after an employee leaves the company, it can take more than one day for privileged access to be restricted.
Despite the revelation that privileged access remains the preferred vector for attackers, 21% of participants said they have not implemented multi-factor authentication (MFA) for privileged administrative access, nor do a number of organizations invest in privileged access management (PAM) solutions.
The survey found that nearly half (45%) of all respondents fail to use privileged access controls to secure public and private cloud workloads. More than half (58%) are not using access controls to secure big data projects, and a majority (68%) are not using them to secure network devices, like hubs, switches and routers.
Interestingly, when asked what they would spend their time working on if they could choose a month-long project of personal interest or known business strategy, 28% of respondents in both the US and the UK chose PAM as one of their top three projects.
“Forrester had already estimated that privileged credential abuse was the leading attack vector, but now we have the empirical research to back it up,” said Tim Steinkopf, CEO of Centrify, in a press release.
“What’s alarming is that most organizations aren’t taking the most basic steps to reduce their risk of being breached. It’s not surprising that Forrester has found 66 percent of companies have been breached five or more times.”