44% of Companies Believe They Can Keep Attackers Off the Network

Despite report after report and one high-profile incident after another, executives and IT professionals are still naïve about security: 55% believe they can detect an attacker on the network within minutes, hours or a few days. Even more shocking, 44% believe they can keep attackers off a network entirely.

Wherefore this magical thinking? CyberArk’s 9th Annual Global Advanced Threat Landscape Survey found that one of the problems is that execs place blame where it doesn’t belong: 48% blame poor employee security habits for breaches, while 29% believe that only the most sophisticated attackers could break through.

“It is no longer acceptable for organizations to presume they can keep attackers off their network,” said John Worrall, CMO, CyberArk. “The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems. This puts an organization at the mercy of an attacker’s motivation—be it financial, espionage or causing harm to the business.”

And indeed, a full 61% believe that privileged account takeover is the most difficult stage of an attack to stop—up from 44% last year. The concern is now three times more common than the view that stopping the advancement of malware installed on a network is the most challenging stage (21%), and almost five times more common than the 12% who cited the attackers' reconnaissance phase as the most difficult to mitigate.

That awareness is encouraging: As demonstrated by attacks on Sony Pictures, the U.S. Office of Personnel Management (OPM) and more, once attackers steal privileged accounts, they can conduct a hostile takeover of network infrastructure or steal massive amounts of sensitive data. These powerful accounts give attackers the same control as the most powerful IT users on any network. By masquerading as a legitimate insider, attackers can continue to elevate privileges and move laterally throughout a network to exfiltrate valuable data.

CyberArk analyzed potential discrepancies between these damaging cybersecurity threats and organizations’ confidence in being able to defend themselves. While there is increasing awareness of the connection between privileged account takeover as a primary attack vector and recent, high-profile breaches, many organizations are still focusing on perimeter defenses.

In reality though, organizations must be able to protect against more devastating compromises happening inside the network, like Overpass-the-Hash, Silver Ticket and Golden Ticket, which are types of Kerberos attacks. These can enable complete control over a target’s network by taking over the domain controller.

“The survey points to increasing awareness of the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organizations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing,” Worrall said.
