More than 550 organizations around the world that deal with highly sensitive information — from health records to government files — have weak or failing cybersecurity programs.
The 2016 State of Privileged Account Management (PAM) Report, slated for a Wednesday release, reveals 52 percent of organizations do not have sufficient security for their PAM systems, which is the personal and identifiable information for online accounts such as passwords.
Despite this, 60 percent of organizations express that password safety is “required to demonstrate compliance with government regulations” and 80 percent consider PAM security a high priority.
In other words, there is a large gap between the stated need for cybersecurity for confidential accounts and its actual implementation.
“Privileged accounts are the machine-based passwords that are used by system administrators, applications and business users,” James Legg, founder and CEO of Thycotic, told The Daily Caller News Foundation in an email.
Protecting such information is critical, since the 2016 Verizon Data Breach report confirmed that 63 percent of all data breaches involve weak or stolen passwords. In other words, hackers love targeting passwords as simple avenues for intruding.
Organizations do not exactly make it difficult for hackers. Twenty percent of organizations never change their default passwords, 30 percent allow accounts and passwords to be shared, 40 percent use the same security for privileged accounts and standard accounts, 50 percent do not audit privileged account activity, and 70 percent do not require approval for creating new accounts, according to the report.
Even though the organizations expressed awareness of the necessity for PAM security, the report finds that their own attempts at defense mechanisms are lackluster.
Sixty-six percent “rely on manual methods to manage privileged accounts” and only 10 percent “have implemented an automated security vendor solution.” Thycotic and Cybersecurity Ventures hope that this glaring gap in implementation will have companies and firms all over the world seeking their services and advice.
Legg even detailed how and why such a shortfall exists and what can be done about it.
“IT awareness is not as high as it should be. In the 2016 State of Privileged Account Management Report, four out of 10 companies fail to ensure that their IT security policies regarding passwords are understood by employees,” Legg said. “This puts organizations at risk since human error or malicious intention are frequent causes of security breaches.”
Ensuring that employees are aware of IT security password policies is an important first step in “reducing the risk against both external and internal threats,” he added.
Entities with large amounts of sensitive data, according to the assessment, must develop, define and establish controls and best practices for IT security.
That is precisely why Thycotic built the Privilege Password Vulnerability Benchmark, a tool that provides an organization with a grade and analysis of its cybersecurity infrastructure and overall performance. This enables IT personnel to diagnose any problems with their organization’s cybersecurity capacity and pinpoint areas of improvement in a convenient and expedient way.
This is vital because many breaches are discreet. Legg explained:
“Hijacking the privileged credentials of an authorized user, an attacker can easily blend in with the legitimate traffic and be extremely difficult to detect. This makes it more difficult for organizations to detect a breach in which the average dwell time today is more than 200 days, meaning that most breaches go undetected for many months.”
The alarming survey results signal that “many organizations throughout the world need to take action immediately” in order to safeguard sensitive information that could compromise an organization’s whole operation and very existence.
Thycotic is a major cybersecurity vendor based in Washington, D.C., and Cybersecurity Ventures is a research and market intelligence firm focused on emerging companies.