Privileged credential abuse involved in 74% of data breaches, says study

Cybercriminals are continuing to target low-hanging fruit; according to a new study from Centrify, the security and identify firm, while 74% of data breaches involved privileged credential abuse, identity and access management resources are severely lacking among enterprises.

The survey of 1,000 IT decision makers, 500 from the U.K. and 500 from the U.S., found that 52% of respondents do not have a password vault; while 63% indicate their companies usually take more than one day to shut off privileged access for employees who leave the company. Furthermore, 44% of UK IT decision makers didn’t know what privileged access management is.

“What’s alarming is that most organisations aren’t taking the most basic steps to reduce their risk of being breached,” said Tim Steinkopf, CEO of Centrify.

According to the survey, UK respondents are behind their US counterparts when it comes to managing privileged access. This affects their confidence in the ability to secure their organisations, as only 36% of UK respondents are “very confident” in their company’s current IT security software compared to 65% of US respondents.

Woody & Kleiny: Security, privacy and the next-gen workforce

While some will insist that age is just a number, for enterprises the generational gap has significant implications that are hard to ignore. In this article, I’ll reflect on new research released by Centrify based around this topic as well as hearing from social-media stars Woody & Kleiny to see what they can teach us

“Centrify believes that reason for this increased prioritisation and spending on PAM is the increasingly-modern threatscape that security professionals are facing,” Steinkopf continued. “Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices but is extended to cloud environments, Big Data, DevOps, containers and more.”

The survey also found that respondents are not controlling privileged access to these modern use cases, including:

  • 45% are not securing public and private cloud workloads with privileged access controls (53% of UK respondents)
  • 58% are not securing Big Data projects with privileged access controls (63% of UK respondents)
  • 68% are not securing network devices like hubs, switches and routers with privileged access controls (72% of UK respondents)
  • 72% are not securing containers with privileged access controls (73% of UK respondents)

The hidden truth about cyber crime: insider threats

John Andrews, VP, Centrify, explores cyber crime in the UK and the rising tide of privilege access management attacks. He also offers guidelines on how business leaders and employers can avoid or anticipate future cyber attacks

Avatar photo

Andrew Ross

As a reporter with Information Age, Andrew Ross writes articles for technology leaders; helping them manage business critical issues both for today and in the future