Most businesses 'overconfident' in their ability to stop cybersecurity breaches

Some 93% of organizations said they feel prepared against cyberthreats, though they lack common cyber best practices, according to a Centrify report.

Why passwords are a terrible method of authentication BioCatch's VP Frances Zelazny explains how biometric security could soon replace passwords.

Organizations report feeling prepared to combat cyberthreats, but are overconfident in their ability to do so, according to a recent report from Centrify.

The report surveyed 1,300 organizations across 11 industries in the US and Canada. While 93% of organizations reported that they are "somewhat prepared" to fight threats involving privileged access, their approaches to doing so are not sophisticated, the report found.

SEE: You've been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)

For 43% of organizations, their privileged access management approach is "nonexistent," according to the survey, while for 21%, it is "vault-centric." More sophisticated organizations (15%) take an "identity-centric" approach, trying to limit shared and local privileged accounts and replace them with centralized identity management and authentication practices, the survey found.

The most protected organizations are considered "mature" (21%), and address privileged access management by hardening their environment beyond vault- and identity-centric techniques, with initiatives such as centralized management of service and app accounts, and enforcing host-based session, file, and process auditing, the report noted.

In terms of the solutions being used to control privileged access, 52% of organizations report using shared accounts for doing so, while 58% of organizations said they do not use multi-factor authentication for privileged administrative access to servers, the report added. Another 51% of respondents said they do not control access to transformational technologies with privileged access, including common attack surfaces like cloud workloads (38%), big data projects (65%), and containers (50%).

"This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature Privileged Access Management approaches based on Zero Trust," Tim Steinkopf, CEO of Centrify, said in a press release. "We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning."
 
For more, check out How to get users on board with two-factor authentication on TechRepublic.
 

Also see

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.