A recent survey conducted by CyberArk has found that a staggering 50% of organisations believe that they cannot stop any number of cyber-attacks they may fall victim to. The Global Advanced Threat Landscape 2019 Report surveyed 1,000 IT security personnel from around the world, in an effort to examine each organisation’s engagement with cybersecurity, as trends continue to see businesses transition to totally digital systems. These transitions to digital systems have also seen the number of cyber-attacks increase each year, and many organisations are struggling to keep up.
CyberArk’s primary focus is on privileged access security strategies where, according to their latest findings, less than half of organisations surveyed admitted to not having a strategy at all. 84% of organisations stated that their critical data and infrastructure is not protected unless accounts and credentials are also secured.
The survey also references Verizon’s 2019 Data Breach Investigations Report, which found that 70 percent of cyber attacks use stolen credentials, and without a proper privileged access security strategy and policy, these stolen credentials could potentially be used to gain unauthorised access to many other areas of IT infrastructure.
Despite the recent enaction of regulations such as the EU’s GDPR and Australia’s Notifiable Data Breach Scheme, according to the survey, 41% of organisations find that paying a fine for non-compliance after a successful attack is preferable over changing (or implementing) security policy. This is particularly troubling due to the existence of a phenomenon known as “death by data”, whereby successful cyber-attacks lead to the eventual bankruptcy of an organisation. The NSW Business Chamber last year found that 80% of Australian SMEs targeted by cyber-attacks go bankrupt within 12 months of the attack. This was also discussed in our 2019 Cybersecurity Forecast article.
These figures are very alarming, and it is evident that organisations are not taking the security of their digital assets as seriously as they should. Unfortunately, it seems that many organisations do not yet comprehend the long-lasting effects that a cyber-attack can have on a business, and are unwilling to invest in the protection of their digital assets. Security has long been the downfall of many organisations around the world, and while many businesses are investing heavily in cybersecurity, many are not.
This is concerning for not just the organisations, but their customers. Their data stored by the organisation is also at a great risk, and a cyber-attack could greatly affect them too.
What can you do?
The protection of digital assets should be at the forefront of any discussion concerning the implementation of a new digital system or service. As previously stated, a security breach can in some instances even lead to the closure of a business. Strong security policy is very important, and promoting a strong security culture in the workplace is a large part of it. 70% of cyber-attacks use stolen credentials to gain access to critical IT infrastructure, and a solid privileged access security strategy is an excellent place to start.
Need assistance? Agilient’s consultants are experts in cybersecurity strategy and policy. We specialise in helping Australian organisations construct and implement strong, effective policies that will significantly reduce the attack surface that malicious actors may attempt to exploit to gain access to your organisation’s critical assets. If you’d like more information about how we can help your organisation, contact us today.
Author: Jack Schofield, Agilient Consultant.