- Category: August 2013 - Data Protection & Security
Cyber-Ark’s 2013 Global Advanced Threat Landscape survey was published in June this year and reflects the challenges that global organizations face in dealing with a significant increase in advanced targeted attacks. Here is a summary for your convenience.
The survey report is the result of interviews with 989 IT security and C-level executives across North America, Europe, and Asia Pacific. Its primary findings are:
Advanced attacks represent grave threats to national security, business and the economy
Businesses are facing more sophisticated, advanced targeted attacks in recent years, especially companies and organizations that fall under the banner of critical infrastructure, such as electricity generation, gas production, oil, water supply, telecommunications and financial services.
Recent news reports on nation-based attacks out of Iran and China on US infrastructure, the DDoS attacks on South Korea’s financial system, and more, have increased awareness of the growing threat of cyber-attacks. On a daily basis it seems, businesses are victims of IP theft and are faced with attacks that steal customer data, inflict reputational damage and cost large amounts of time and money to resolve. The survey reveals that these increasing attacks have had a significant impact on the global view of the threat cyber-attacks represent:
- 80% of respondents now believe that cyber-attacks pose a greater threat to their nation than physical attacks;
- In the face of this threat, 61% of respondents believe that government/legislative efforts can protect critical infrastructure against advanced threats.
The failure of perimeter security – attackers are already inside
Advanced attacks are almost always precipitated by perimeter-oriented tactical aggressions, such as phishing. The increasing ease with which cyber-attackers breach perimeter security has generated considerable discussion of the on-going value of perimeter security. The survey results show:
- 57% of respondents believe their company puts too much faith in perimeter security;
- 51% of respondents believe a cyber-attacker is currently on their network, or has been on their network in the past year.
Privileged accounts as advanced threat vulnerabilities
It’s been firmly established through multiple industry reports that privileged accounts have emerged as the primary target for advanced enterprise attacks. ‘Privileged accounts’ consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors and more, and can be found in any device with a microprocessor, including PCs, databases, networked devices like copiers, operating systems and more.
Businesses have traditionally managed privileged accounts as an audit check box. The survey results demonstrate that privileged accounts have transitioned from primarily an audit concern to an advanced threat security concern, with more businesses viewing them as a critical part of their security strategy:
- 64% of respondents indicated that they now manage privileged accounts as an advanced threat security vulnerability;
- Despite this awareness, 39% of respondents either don’t know how to identify where privileged accounts exist, or they are doing so manually. In a previous survey, Cyber-Ark discovered that 86% of large enterprises either do not know, or have grossly underestimated the magnitude of their privileged account security problem.
Companies losing privilege controls in the cloud
Despite growing awareness of the critical role unmanaged privileged accounts play in APTs, the majority of organizations are not applying this lesson across their entire infrastructure. As more organizations outsource infrastructure to cloud providers, it’s critical they identify and understand how providers, partners, customers and anyone with access to their network manage their privileged accounts.
The survey results demonstrate that the majority of companies are unaware of whether their cloud service providers employ privileged account security:
- 56% of respondents do not know what their cloud service providers are doing to protect and monitor privileged accounts;
- 25% of respondents felt they were better equipped to protect their company’s confidential information than their cloud service provider – and yet they still entrust their information to the third party.
The survey demonstrates that while the industry is acutely aware of the threat that today’s cyber-attackers pose, there is still a lot of work to do to fully secure the enterprise from advanced threats.
With more attackers assumed to have breached the perimeter, Cyber-Ark recommends taking a proactive approach to security, focused first on securing the critical data and assets that attackers covet, and only then moving outward towards the perimeter to the initial access point.
Cyber-Ark’s best practice recommendations for preventing privileged account compromise:
- Isolate, monitor and control every access point to all critical business systems;
- Change default passwords on all servers, databases, applications and network devices;
- Remove hard-coded passwords from scripts, configuration files and applications;
- Employ technical means of automatically enforcing enterprise password policies;
- Control access by enforcing least privilege;
- Use multi-factor authentication for access to privileged accounts;
- Increase password complexity;
- Use a unique password for each local administrator account;
- Remove local administrator rights from the majority of users;
- Reduce the number of privileged domain-wide service accounts;
- Automatically change passwords on a periodic basis and immediately upon suspicion of misuse;
- Monitor and record all activities associated with administrative and privileged accounts;
- Implement tamper-proof logging, auditing, and alerting on privileged access.
However, the survey shows that motivated attackers will find a way into the network and that a comprehensive privileged account security solution can deny the attacker the easy path to compromising a network. For more information about the survey or the Cyber-Ark solutions, please visit www.cyber-ark.com.