This post is also available in: עברית (Hebrew)
The global yearly survey of cyber threats performed by “Cyber Arc”: 80% of senior managers consider cyber attacks as a greater national threat than any physical threat on their country * Over 50% of the respondents think that hackers already exist in their organizational network * A steep increase in awareness of cyber threats alongside lack of preparedness: 57% ‘trust perimeter protection means too much`.
Chen Bitan, CEO of Cyber Arc Israel: “The business success of an organization depends on its capability to protect its critical systems. The field of information security is shifting awareness and responsibility to the level of the company CEO and not only the IT manager”
80% of senior managers think that a cyber attack is more dangerous to their country than a physical attack. Additionally, 51% believe that a cyber attacker is present right now in the computer network of their organization, or that he had a presence in the organizational network during last year. This research is part of the “arena of advanced threats” survey, a global yearly survey organized by the Israeli information security company Cyber Arc for the seventh consecutive year in a row. The survey is based on interviews with 989 managers at the level of President/Vice-president and with IT managers from over the entirety of the United States, Canada, Europe and Asia Pacific.
The survey of this year shows a steep rise in the industry managers` awareness of threats from cyber attackers. Among the reasons for the rise in awareness – repeating reports on cyber attacks by countries on critical infrastructures and business organizations, combined with reports on intruding into the most sensitive information assets, such as the latest NSA affair.
From analysis of the findings it can be seen that in spite of the high awareness, the companies and business organizations have a lot of work to do in order to protect the organization from a focused attack. Cyber attackers continue breaking into the organizational computer networks at an increasing rate. Therefore the companies need to assume that the attackers have already penetrated the organizational network, and to focus on protecting the access to sensitive assets and information that the attackers are interested in obtaining.
Additional finds from the survey:
Out of the organizations penetrated in the last year – 44% of the managers think that the result of the penetration was theft of sensitive information or intellectual property of the company.
61% of the respondents around the world believe that combined governmental and legal activities can help in protection of critical infrastructures against advanced threats. In the US the percentage of believers is the lowest, with only 57% of the respondents believing that jurisdiction can be an effective means, as opposed to 64% of respondents in Europe and 61% in Asia and Pacific.
Failure of the perimeter protection – the attacker is already in the network:
Focused attacks almost always start with a tactical attack aimed at perimeter defense system, such as phishing attempts. The growing ease with which the hackers penetrate the organizational perimeter defense erodes the managers` trust of the perimeter defense.
57% of the respondents believe that their organization over-trusts the perimeter protection and anti-virus.
51% of the respondents believe that a cyber attacker is at present in their network, or was in the last year.
High authorization (privileged) accounts – a central target of focused attacks
64% of the respondents noted that they consider privileged accounts in the organization as a high vulnerability point of information security. Also industry research on attacks executed last year shows that privileged accounts became a central target of focused attacks. Privileged accounts include high authorization accounts of infrastructure specialists, high authorization business accounts, accounts for management of organizational systems’ accounts used by applications, emergency accounts and others. In an average organization there are 4 times more privileged accounts than personal ones.
In spite of growing awareness, 39% of the survey respondents cannot say where the privileged accounts of their organization are, nor are they able to identify them manually.
The last survey by Cyber Arc (May 2013) shows that 86% of the big companies do not know or are greatly mistaken in estimating the amount of privileged accounts in their organization and the severity of information security problems caused by this fact.
Companies lose control of privileged accounts in a cloud environment
56% of the survey respondents do not know what their provider of cloud services is doing in order to protect and monitor their privileged accounts.
25% of the survey respondents felt they are better equipped for protection of sensitive information than their cloud provider – and still, they deliver the information to providers and third parties.
According to Bitan, “ The field of information security is moving to the level of awareness and responsibility of the company CEO and not only the IT manager. The subject of protecting critical systems has become a central subject in the agenda of management meetings, also in Israel, and the organizations understand that their capabilities and business success are directly dependent on their ability to protect the critical systems of the organization.” He added that “the fact that more than half of the managers in the survey are sure that the attackers have already penetrated the organization, and the relative ease with which perimeter defense systems can be bypassed, emphasizes the need of organizations for inside out security, focusing on protecting quality targets towards which the attackers are aiming. Therefore, Cyber Arc recommends to isolate, monitor and control all access points of any sensitive system of the organization, assuming that the attacker is already there. In this way, intruders who have already succeeded in penetrating the perimeter protection system will find closed doors in the organizational network in their attempt to access the sensitive systems. In 100% of the successful attacks disclosed in the last two years the attacker used privileged accounts in order to achieve access to sensitive assets of the company. The technology of Cyber Arc drains the access of privileged accounts to all the sensitive information assets of the organization into a central security system, controlling and monitoring access to these assets, and is able to detect suspicious activities by means of advanced analysis capabilities, disconnecting the attacker immediately from any sensitive information asset.