Study Reveals Privileged Credential Abuse is Involved in 74 Percent
of Data Breaches, Yet Over Half of Organizations are Not Taking Basic
Steps to Prevent It
SANTA CLARA, Calif.–(BUSINESS WIRE)–Centrify,
a leading provider of cloud-ready Zero Trust Privilege to secure modern
enterprises, today announced results of a new survey revealing that most
IT decision makers are not prioritizing Privileged Access Management
(PAM) practices and solutions, despite knowing privileged credential
abuse is involved in almost three out of every four breaches.
The survey of 1,000 IT decision makers evenly split between the U.S. and
U.K. found that, of those whose organizations have experienced a breach, 74
percent acknowledged it involved access to a privileged account.
This number closely aligns with Forrester’s estimate that 80 percent of
security breaches involve compromised privileged credentials1.
DOWNLOAD THE SURVEY REPORT NOW: http://bit.ly/CentrifySurvey
However, despite being aware that they’ve been breached, most companies
are still extremely immature in their PAM journey, and are granting too
much trust and privilege. More importantly, they are not taking even the
simplest measures to reduce risk and secure access to sensitive data and
critical infrastructure. For example:
- 52 percent of respondents do not have a password vault
65 percent are still sharing root or privileged access to
systems and data at least somewhat often
63 percent indicate their companies usually take more than one
day to shut off privileged access for employees who leave the company
21 percent still have not implemented Multi-Factor
Authentication (MFA) for privileged administrative access
“Forrester had already estimated that privileged credential abuse was
the leading attack vector, but now we have the empirical research to
back it up,” said Tim Steinkopf, CEO of Centrify. “What’s alarming is
that most organizations aren’t taking the most basic steps to reduce
their risk of being breached. It’s not surprising that Forrester has
found 66 percent of companies have been breached five or more times2.
It’s well past time to secure privileged access with a Zero Trust
approach, and many organizations can significantly harden their security
posture with low-hanging fruit like a password vault and MFA.”
The survey also revealed that, generally, respondents in the U.K. are
behind their U.S. counterparts when it comes to securely managing
privileged access. Forty-four percent of U.K. IT decision makers
surveyed were not positive what Privileged Access Management is, and 60
percent do not have a password vault. This also affects their
confidence in the ability to secure their organizations, as only 36
percent of U.K. respondents are “very confident” in their company’s
current IT security software compared to 65 percent of U.S.
IT practitioners should consider that critical and fundamental security
controls such as PAM are enablers for Digital Transformation, which was
the top choice listed by respondents when asked which projects they’d
prefer to work on. Industry research firm Gartner predicted Privileged
Access Management (PAM) to be the second-fastest growing segment for
information security and risk management spending worldwide in 20193.
PAM was also named a Top 10 security project for 20194.
“Centrify believes that reason for this increased prioritization and
spending on PAM is the increasingly-modern threatscape that security
professionals are facing,” Steinkopf continued. “Today’s environment is
much different than when all privileged access was constrained to
systems and resources inside the network. Privileged access now not only
covers infrastructure, databases and network devices, but is extended to
cloud environments, Big Data, DevOps, containers and more.”
Indeed, the survey found that respondents are not controlling privileged
access to these modern use cases, including:
45 percent are not securing public and private cloud workloads
with privileged access controls
58 percent are not securing Big Data projects with privileged
68 percent are not securing network devices like hubs, switches
and routers with privileged access controls
72 percent are not securing containers with privileged access
Centrify is redefining legacy approaches to PAM with cloud-ready Zero
Trust Privilege. To download a complimentary copy of the survey results,
please visit http://bit.ly/CentrifySurvey.
For more information about Centrify Zero Trust Privilege, visit https://www.centrify.com/education/what-is-zero-trust-privilege/
1 Forrester, “The Forrester Wave™: Privileged Identity
Management, Q4 2018,” November 14, 2018.
2 “Stop The
Breach: Reduce The Likelihood Of An Attack Through An IAM Maturity
Model,” a commissioned study conducted by Forrester Consulting on behalf
of Centrify, February 2017.
3 Gartner, Forecast
Analysis: Information Security and Risk Management, Worldwide, 3Q18
Update, Rustam Malik | Deborah Kish | Christian Canales | Ruggero Contu
| Sid Deshpande | Elizabeth Kim | Dale Gardner, 12 December 2018.
Gartner, Top 10 Security Projects for 2019, Brian Reed | Neil MacDonald
| Peter Firstbrook | Sam Olyaei | Prateek Bhajanka, 11 February 2019.
Centrify is redefining the legacy approach to Privileged Access
Management by delivering cloud-ready Zero Trust Privilege to secure
modern enterprise attack surfaces. Centrify Zero Trust Privilege helps
customers grant least privilege access based on verifying who is
requesting access, the context of the request, and the risk of the
access environment. By implementing least privilege access, Centrify
minimizes the attack surface, improves audit and compliance visibility,
and reduces risk, complexity and costs for the modern, hybrid
enterprise. Over half of the Fortune 100, the world’s largest financial
institutions, intelligence agencies, and critical infrastructure
companies, all trust Centrify to stop the leading cause of breaches –
privileged credential abuse.
Centrify is a registered trademark of Centrify Corporation in the United
States and other countries. All other trademarks are the property of
their respective owners.