When it comes to what works and doesn’t work for protecting critical data, nearly one third (32%) of respondents at the recent Black Hat conference said that accessing privileged accounts was the number one choice for the easiest and fastest way to get access to critical data.
The survey, carried out by Thycotic, found that was followed closely by 27% indicating access to user email accounts was the easiest path to disclosing sensitive data.
Additionally, 85% of respondents blame humans for security breaches, more so than the lack of security or unpatched software. For instance, more than a third (35%) said that remembering and changing passwords is the top source of cybersecurity fatigue.
The focus on hacking privileged and email accounts reflects a recognition on the part of hackers that traditional perimeter security is no longer an effective barrier to getting inside networks and gaining access to critical data. Findings from the survey indicate that 73% of hackers believe traditional security perimeter of firewalls and antivirus are irrelevant or obsolete.
In fact, antivirus and anti-malware are considered the “least effctive and easiest to get past” security technologies by 43% of the Black Hat survey respondents, followed by firewalls (cited by 30% of Black Hat respondents).
“Given that privileged accounts are prime targets for hackers, IT professionals should consider the opinions of the hackers themselves when it comes to protecting privileged accounts,” said Joseph Carson, chief security scientist, Thycotic. “In today’s connected world, organizations can no longer rely only on the traditional cybersecurity perimeter controls.”
Hackers also view threat Intelligence solutions as one of the least effective security protections, along with reputation feeds and education/awareness; however, multi-factor authentication (38%) and encryption (32%) are their biggest obstacles, according to the survey.
“Hackers are focusing more on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities allowing the hacker to gain access abusing trusted identities,” noted Carson. “More than ever, it is critical for businesses to mitigate these risks by implementing the right technologies and process to ward off unsuspecting attacks and access to sensitive data.”