Comments
Cyberattacks aimed at credential theft are on the rise according to a new survey released by CyberArk titled “The CISO View 2021 Survey: Zero Trust and Privileged Access.’
According to the survey, 97 per cent of senior security executives said that attackers are increasingly trying to steal one or more types of credentials.
“As organisations move assets to the cloud, increase third-party access to corporate resources, and enable sustained remote work models, attackers are targeting non-traditional user populations that may not be adequately protected,” the report said.
End users are increasingly facing such attacks including business users with access to sensitive data. 56 per cent of respondents reported that such users as being increasingly targeted by attackers.
Attacks are also increasing against senior leadership (48 per cent), third-party vendors and contractors (39 per cent), and DevOps and cloud engineers (33 per cent).
Attackers are trying to gain access to personal and financial data through such attacks.
“Widespread increases in credential theft attempts were reported for personal data (70 per cent) and financial systems and data (66 per cent). This is clear evidence of attackers’ interest in gaining “high-value” access – access to highly sensitive systems that are often held by end-users rather than administrators for example,” the report said.
Zero Trust approach
Organisations are improving their security systems in response with many adopting a Zero Trust model. 88 per cent of respondents said that adopting more of a Zero Trust approach is “very important” or “important.”
Organisations are prioritising controls focusing on Identity and Access Management (IAM), as reported by 45 per cent of respondents while implementing the model.
Just-in-time access controls were highly valued, with 87 per cent of respondents saying reducing standing privileges is an “important” or “very important” aspect of Zero Trust.
Endpoint security
Organisations are facing operational challenges in terms of endpoint security.
“Because attackers recognize the value of non-IT identities and are exploiting weaknesses in protecting these identities because of operational challenges, there is a need for security solutions that work despite internal constraints,” the report said.
For 94 per cent of respondents, endpoint security remains is a major operational challenge. 46 per cent said that installing and maintaining agents made endpoint security was challenging.
86 per cent of users emphasised user experience optimisation highlighting a need for security tools and policies that will not be bypassed or ignored due to security fatigue.
“The SolarWinds attack and the pace of digital transformation are two factors which have only increased attention on the Zero Trust model in India,” said Rohan Vaidya, regional director, India at CyberArk. “As new identities multiply across the enterprise, the need to protect privileged credentials, breaking the attack chain to critical data and assets, is acute.”
The survey is based on in-depth interviews with a panel of 12 top security executives from Global 1,000 companies.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.