Despite a high awareness of potential problems, there is a distinct lack of follow-through in implementing security best practices for the protection and management of privileged account credentials. Some of the most disturbing findings show that:
According to the 2016 State of Privileged Account Management (PAM) Report from Thycotic and Cybersecurity Ventures, one in five organizations (20%) have never changed their default passwords on privileged accounts. But, 80% of respondents consider PAM security a high priority.
Further, 30% of organizations still allow accounts and passwords to be shared, and 40% use the same security for privileged accounts as standard accounts.
“While awareness is high among organization on the importance of securing privileged accounts, according to results found in our survey, many organizations still fall short when it comes to adopting and maintaining best practices in the protection of privileged account credentials,” said James Legg, president and CEO at Thycotic. “There are some serious gaps in the enforcement of basic security measures when it comes to securing privileged account credentials.”
In the majority of data breaches, stolen credentials and privileged accounts continue to be the main target for hackers because they unlock the access required to exploit virtually any part of an organization's network, including critical and sensitive data.
Yet the survey also found that 70% of organizations do not require approval for creating new privileged accounts, and half of them do not audit privileged account activity.
This, despite the fact that 60% of respondents indicate that PAM security is required to demonstrate compliance with government regulations.
“Weak privileged account management is a rampant epidemic at large enterprises and governments globally," said Steve Morgan, founder and CEO at Cybersecurity Ventures. "Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cyber-criminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world's economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50% range over the next two years."
Photo © Zurainy Zain