46 percent of organisations don't change security strategy even after a cyberattack: report
Survey reveals that overcoming cybersecurity inertia necessitates it becoming central to organisational strategy and behaviour.
According to the CyberArk Global Advanced Threat Landscape Report 2018, 46 percent of IT security professionals do not change their security strategy even after experiencing a cyberattack. The annual report highlights that this level of cybersecurity inertia and failure to learn from past incidents puts sensitive data, infrastructure, and assets at risk.
The survey was conducted among 1,300 IT security decision-makers, DevOps and app developer professionals, and line-of-business owners across seven countries worldwide.
Protecting privileged accounts is key to protecting IT infrastructure and critical data. In the survey, 89 percent of IT security professionals stated that infrastructure and critical data cannot be fully protected unless privileged accounts, credentials, and secrets are secured.
The respondents indicated that the greatest cybersecurity threats they currently face include targeted phishing attacks, insider threats, ransomware or malware, unsecured privileged accounts, and unsecured data stored in the cloud.
IT security professionals also pointed out that the proportion of users with local administrative privileges on their endpoint devices increased from 62 percent in the 2016 survey to 87 percent in 2018, a 25 percent jump; this highlights employee demands for flexibility trumping security best practices.
Decoding the factors that could possibly lead to data compromise, the survey brought to the fore that security inertia has infiltrated many organisations, leaving them unable to repel cyber threats and the risks involved.
Data not secured
As per the findings, 46 percent of respondents feel their organisation can’t prevent attackers from breaking into internal networks each time it is attempted, while 36 percent report that administrative credentials were stored in Word or Excel documents on company PCs.
Nearly 50 percent admitted that their customers’ privacy or PII (personally identifiable information) could be at risk because their data is not secured beyond the legally required basics.
Highlighting a dire need to transform the cybersecurity landscape, the survey indicated that overcoming security inertia necessitates it becoming central to organisational strategy and behaviour.
The report stated that 86 percent of IT security professionals feel security should be a regular board-level discussion topic, while 44 percent said they recognise or reward employees who help prevent an IT security breach, increasing to nearly three quarters (74 percent) in the US.
CyberArk is a global IT security firm headquartered in Petach Tikva, Israel, with its US headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific, and Japan.