Organizations Failing to Secure Privileged Accounts

July 25, 2016

Thycotic in conjunction with Cybersecurity Ventures released its 2016 State of Privileged Account Management security report. The report reveals major shortcoming in the current state of privileged credential password and access security among organizations worldwide, along with recommendations for how to address the most common failures in PAM security.

The report results are based on a ground-breaking online Privileged Password Vulnerability Benchmark survey that exposes several, significant security gaps in how organizations manage and secure their privileged account passwords and access. Launched in early 2016, the survey includes responses from more than 500 IT security professionals from organizations around the world.

Results indicate a growing awareness among organizations of the importance of securing privileged credentials:

•Eighty percent of respondents consider PAM security a high priority

•Sixty percent of respondents indicate that PAM security is required to demonstrate compliance with government regulations

"While awareness is high among organization on the importance of securing privileged accounts, according to results found in our survey, many organizations still fall short when it comes to adopting and maintaining best practices in the protection of privileged account credentials," said James Legg, president and CEO at Thycotic. "There are some serious gaps in the enforcement of basic security measures when it comes to securing privileged account credentials."

The results of this landmark survey suggest a lack of follow through in implementing security best practices for the protection and management of privileged account credentials. Some of the most disturbing findings show that:

•One in five organizations (20 percent) have never changed their default passwords on privileged accounts

•Three out of 10 organizations still allow accounts and passwords to be shared

•Four out of 10 organizations use the same security for privileged accounts as standard accounts

•Seven out of 10 organizations do not require approval for creating new privileged accounts

•Fifty percent of all organizations do not audit privileged account activity

In the majority of data breaches, stolen credentials and privileged accounts continue to be the main target for hackers because they unlock the access required to exploit virtually any part of an organizations network including critical and sensitive data. Hacking privileged credentials can mean the difference between a simple perimeter breach and one that could lead to a cyber catastrophe. Once attackers gain access, they can escalate their privileges and move through networks to identify and compromise confidential information or use ransomware to encrypt critical business data.

"Weak privileged account management is a rampant epidemic at large enterprises and governments globally," said Steve Morgan, founder and CEO at Cybersecurity Ventures. "Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world's economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50 percent range over the next two years."

Terms of Use | Copyright © 2002 - 2016 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement