Report: Tight budgets and a lack of executive support are causing critical security controls to fall by the wayside. 60 percent of IT decision-makers are prevented from implementing an adequate IT security strategy
More than half of IT security decision-makers (60%) believe that their IT security strategy is not keeping up with the current threat situation, according to a survey* by Delinea, the specialist for privileged access management (PAM) solutions. for seamless security, shows. 20 percent of the security professionals surveyed think that they are lagging behind with their security practices, 13 percent believe they are standing still, and only 27 percent are even trying to do justice to the threat situation.
Perceived and actual security diverge
The survey of almost 2.100 security decision-makers worldwide also reveals differences between the perceived and actual effectiveness of security practices. Although 40 percent of those surveyed believe they have an adequate security strategy in place, 84 percent admitted that their organization had experienced an identity-related compromise or attack that resulted from stolen credentials in the last year and a half.
Identity security is a priority
On the positive side, many companies are willing to change and optimize, especially when it comes to protecting identities. In fact, 90 percent of respondents say their organizations fully recognize the importance of identity security to meeting their business goals, with 87 percent citing securing identities as a top security priority over the next 12 months.
At the same time, three quarters (75%) of IT and security professionals fear that their IT security strategy falls short when it comes to protecting privileged identities because they do not have the necessary support – be it through appropriate budgets or the alignment of senior management. For example, 63 percent of respondents said their organization's senior management does not yet fully understand identity security and the role it plays in enabling better business operations.
"While business leaders have come to recognize the importance of identity security, the vast majority of security teams are not getting the support and budget they need to implement key security controls and solutions that help them mitigate their greatest risks," comments Joseph Carson , Chief Security Scientist and Advisory CISO at Delinea. "This means that the majority of businesses will continue to be unable to adequately protect their privileges, leaving them vulnerable to cybercriminals targeting their privileged accounts."
Missing guidelines for IT security strategy
The study shows that, despite good intentions, companies still have a long way to go when it comes to securing privileged identities and access. Less than half of the companies surveyed have implemented ongoing security policies and processes for managing privileged access, such as: B. a rotation or approval of passwords, time or context-based security or privileged behavior monitoring, such as. B. Records and Audits. Of even greater concern, more than half of all respondents (52%) allow privileged users to access sensitive systems and data without requiring multi-factor authentication (MFA).
And the report also brings to light another dangerous omission: Although in addition to the privileged identities that are worthy of protection, human users such as domain and local administrators as well as non-human identities such as service accounts, application accounts, code and other types of machine Identities that automatically connect and share privileged information often go under the radar. Only 44 percent of organizations adequately manage and secure these machine identities, while the majority leave them unprotected, leaving them vulnerable to attack.
Wanted: the weakest link in the chain
"Cybercriminals are always looking for the weakest link, and overlooking 'non-human' identities - especially in times when they are growing faster than human users - greatly increases the risk of privilege-based attacks," said Joseph Carson. “When attackers target machine and application identities, they can easily hide and roam the network to find the best place to attack where they can do the most damage. It is therefore essential for organizations to ensure that machine identities are included in their security strategies and also follow best practices when it comes to protecting all of their IT 'superuser' accounts which, if compromised, will bring the entire organization to a standstill can bring."
Background of the report
The independent market research company conducted the survey on behalf of Delinea SAPIO RESEARCH in June 2022 a total of 2.100 IT security decision-makers from 23 countries, including 100 from Germany. The sample is cross-industry and the interviews were conducted online using a rigorous multi-stage screening process.
More at delinea.com
About Delinea Delinea is a leading provider of Privileged Access Management (PAM) solutions that enable seamless security for modern, hybrid businesses. Our solutions enable organizations to secure critical data, devices, code and cloud infrastructure to reduce risk, ensure compliance and simplify security. Delinea removes complexity and redefines access for thousands of customers worldwide, including more than half of the Fortune 100 companies. Our customers range from small businesses to the world's largest financial institutions, organizations and critical infrastructure companies.