Poor security ‘hygiene’ persists despite rise in threat awareness due to major cyberattacks

Headline-making cyberattacks have driven significant increases in cyber security awareness in the business world, but this hasn’t necessarily led to best practice security measures being enforced, according to CyberArk.

The information security company commissioned independent research firm Vanson Bourne to undertake a survey of 750 IT and IT security decision makers, worldwide, examining whether public and private organisations are applying lessons from high-profile cyberattacks.

Eight in ten (79%) respondents said their organisations had learned from major cyber-attacks and taken appropriate action to improve security; chiefly, malware detection (25%), endpoint security (24%) and security analytics (16%).

Meanwhile, three in four respondents were now confident they could prevent their internal network from being hacked (up from 44% last year), and faith in the cyber security leadership of CEOs and boards of directors among respondents was at 67% (up from 57% in 2015).

Although 55% of respondents said their organisations had changed or evolved processes for managing privileged accounts, 40% of organisations continued to store privileged and admin passwords in a Word document or spreadsheet, and 28% used a shared server or USB stick. Further, one in two organisations (49%) allowed third-party vendors such as supply chain and IT management firms remote access to their internal networks.

While 95% of organisations maintained a cybersecurity emergency response plan, less than half (45%) communicated and regularly tested their plan with all IT staff.

68% of organisations cite losing customer data as one of their biggest concerns following a cyber attack, while 57% of respondents are not completely confident in their cloud provider’s ability to protect their data. Nevertheless, 60% of organisations who use the cloud store customer data in it.

John Worrall, chief marketing officer at CyberArk said the findings indicate that “organisations undermine their own efforts by failing to enforce well-known security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud.”

He continued, “There’s a fine line between preparedness and overconfidence. The majority of cyberattacks are a result of poor security hygiene – organisations can’t lose sight of the broader security picture while trying to secure against the threat du jour.”
