Dubai: Centrify announced results of a new survey in partnership with TechVangelism that indicate the majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector.
Seventy-nine percent of organizations do not have a mature approach to Privileged Access Management (PAM), yet 93% believe they are at least somewhat prepared against threats that involve privileged credentials. This overconfidence and immaturity are underscored by 52% of organizations surveyed stating they do not use a password vault, indicating that the majority of companies are not taking even the simplest measures to reduce risk and secure access to sensitive data and critical infrastructure.
The survey of 1,300 organizations across 11 industry verticals in the U.S. and Canada reveals that most organizations are fairly unsophisticated and still take Privileged Access Management approaches that would best be described as “Nonexistent” (43%) or “Vault-centric” (21%). More sophisticated organizations take an “Identity-Centric” (15%) approach that tries to limit shared and local privileged accounts, replacing them with centralized identity management and authentication with an enterprise directory. The most protected organizations are considered “Mature” (21%) because they go beyond vault- and even identity-centric techniques, hardening their environment further via a number of initiatives (e.g., centralized management of service and app accounts and enforcement of host-based session, file, and process auditing).
“This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature Privileged Access Management approaches based on Zero Trust,” Tim Steinkopf, CEO of Centrify, said.
“We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning. A cloud-ready Zero Trust Privilege approach verifies who is requesting access, the context of the request, and the risk of the access environment to secure modern attack surfaces, now and in the future.”