Delinea: Organizations’ Security Strategies Not keeping Pace with Threat Landscape
A new survey by Delinea of IT security decision makers shows 60% believe their overall security strategy doesn’t keep pace with the threat landscape, and they’re either lagging behind, treading water or merely running to keep up.
The survey included 2,100 respondents in more than 20 countries.
While 40% believe they have the right strategy in place, 84% of organizations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.
Ninety percent of respondents said their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. In addition, 87% said it is one of the most important security priorities for the next 12 months.
However, three-quarters also believe they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment. Sixty-three percent said their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.
Joseph Carson is Delinea‘s chief security scientist and advisory CISO.
“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks,” he said. “This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them.”
The report sheds light another dangerous oversight. Only 44% of organizations manage and secure machine identities, while the majority leave them exposed and vulnerable to attack.
“Cybercriminals look for the weakest link and overlook non-human identities — particularly when these are growing at a faster pace than human users — greatly increasing the risk of privilege-based identity attacks,” Carson said. “When attackers target machine and application identities, they can easily hide, moving around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT superuser accounts which, if compromised, could bring the entire business to a halt.”
