Organizations report feeling prepared to combat cyberthreats, but are overconfident in their ability to do so, according to a recent report from Centrify.
The report surveyed 1,300 organizations across 11 industries in the US and Canada. While 93% of organizations reported that they are “somewhat prepared” to fight threats involving privileged access, their approaches to doing so are not sophisticated, the report found.
SEE: You’ve been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)
For 43% of organizations, their privileged access management approach is “nonexistent,” according to the survey, while for 21%, it is “vault-centric.” More sophisticated organizations (15%) take an “identity-centric” approach, trying to limit shared and local privileged accounts and replace them with centralized identity management and authentication practices, the survey found.
The most protected organizations are considered “mature” (21%), and address privileged access management by hardening their environment beyond vault- and identity-centric techniques, with initiatives such as centralized management of service and app accounts, and enforcing host-based session, file, and process auditing, the report noted.
In terms of the solutions being used to control privileged access, 52% of organizations report using shared accounts for doing so, while 58% of organizations said they do not use multi-factor authentication for privileged administrative access to servers, the report added. Another 51% of respondents said they do not control access to transformational technologies with privileged access, including common attack surfaces like cloud workloads (38%), big data projects (65%), and containers (50%).
“This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature Privileged Access Management approaches based on Zero Trust,” Tim Steinkopf, CEO of Centrify, said in a press release. “We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning.”
For more, check out How to get users on board with two-factor authentication on TechRepublic.