Survey: 38 Percent of Organisations in Singapore Rarely Change Security Strategy After a Cyber Attack
CyberArk survey findings show organisations must prioritise securing privileged accounts and credentials in the cloud, on endpoints and across IT environments
SINGAPORE – March 1, 2018 – According to the CyberArk Global Advanced Threat Landscape Report 2018, more than a third (38 percent) of respondents in Singapore stated they rarely change their security strategy substantially – even after experiencing a cyber attack. This level of cyber security inertia puts sensitive data, infrastructure and assets at risk.
Security Starts with Protecting Privileged Accounts
An overwhelming number of respondents in Singapore believe securing an environment starts with protecting privileged accounts – 93 percent stated that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured.
Singapore respondents named the greatest cyber security threats they currently face, including:
· Ransomware or malware (63 percent)
· Insider threats (60 percent)
· Unsecured privileged accounts (54 percent)
· Targeted phishing attacks (52 percent)
· Unsecured data stored in the cloud (45 percent)
“To build cyber resilience, organisations in Singapore must prioritise what can be done to mitigate threats during an attack in order to effectively protect the company from financial harm and reputational damage,” said Vincent Goh, Vice President, Asia Pacific Japan, CyberArk. “Locking down privileged accounts is critical to keeping pace with today’s highly skilled threat actors. However, what we see in practice is a rush to invest in ‘latest-and-greatest’ new security technology; a scattergun approach that lacks the necessary focus on what is truly important to manage and secure.”
The inertia that could lead to data compromise
The survey findings suggest that security inertia has infiltrated many organisations, with an inability to repel or contain cyber threats – and the risks that this might result in – supported by other findings:
· 36 percent say their organisation can’t prevent attackers from breaking into internal networks each time it is attempted
· 34 percent report that administrative credentials were stored in Word or Excel documents on company PCs
· Almost half (47 percent) admit that their customers’ privacy or PII (personally identifiable information) could be at risk because their data is not secured beyond the legally-required basics
Inertia towards securing credentials and data in the cloud create cyber risk
The automated processes inherent in cloud and DevOps mean privileged accounts, credentials and secrets are being created at a prolific rate. If compromised, these can give attackers a crucial jumping-off point to achieve lateral access to sensitive data across networks, data and applications or to use cloud infrastructure for illicit crypto mining activities. Organisations increasingly recognize security in the cloud is a shared burden, and they cannot depend solely on their cloud providers’ cyber security. The survey found that:
· More than a third (39 percent) of organisations have no privileged account security strategy for the cloud
· More than half (59 percent) defer on cloud security to their vendor, relying on built-in security capabilities
· 37 percent stated their cloud provider doesn’t deliver adequate protection
Changing the Security Culture
To move from cyber security inertia to action necessitates it becoming central to organisational strategy and behaviour, not something that is dictated by competing commercial needs. According to the survey:
· 89 percent of Singapore respondents feel security should be a regular board-level discussion topic
· 47 percent said they recognize or reward employees who help prevent an IT security breach, increasing to nearly three quarters (74 percent) in the U.S.
· Just 9 percent of companies in Singapore continuously perform Red Team exercises to uncover critical vulnerabilities and identify effective responses
“Building awareness of modern cyber security and privacy threats, processes and technologies is just the first step toward an active defence. Companies must show greater urgency to enable cyber security resilience by prioritising cyber security risk at the same level as wider business and financial risks,” continued Goh. “Understanding how new technologies – like cloud and DevOps – affect the attack surface is a crucial component of this, as well as the ability to adopt a ‘think like an attacker’ mindset.”
About the CyberArk Global Advanced Threat Landscape Report 2018
The CyberArk Global Advanced Threat Landscape Report 2018 is the 11th in the series. The survey was conducted by Vanson Bourne among 1,300 IT security decision makers, DevOps and App Developer professionals and line of business owners, across seven countries worldwide.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in privileged account security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organisations, including more than 50 percent of the Fortune 100, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visitwww.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
CyberArk (NASDAQ: CYBR) is the global leader in privileged account security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organisations, including more than 50 percent of the Fortune 100, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visitwww.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
# # #
Copyright © 2018 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!