Information Security

Topics: Computer security, Security, Information security Pages: 12 (2381 words) Published: August 14, 2013
2012 TRUST, SECURITY & PASSWORDS SURVEY
JUNE 2012

©2012 Cyber-Ark Software, Inc. | www.cyber-ark.com

2

Contents page

Page 3 Pages 4 – 13

Executive Summary Key Report Findings  Page 4: Insiders Considered Greatest Organizational Security Threat  Page 5: Privileged Accounts Are Increasingly Targeted – Regardless of Attack Entry Point  Page 5: High Profile Security Incidents Impact Organizational Security Strategies  Page 6: Organizations are taking a broad approach to security in 2012  Page 7: Increasing Number of Organizations at Risk by Failing to Monitor Privileged Accounts  Page 8: Motivated Insiders Get Around Current Controls  Page 8: Employees Accessing Unauthorized Information  Page 9: Administrative Passwords – Wide Ranging Access  Page 10: Employees Plan on Taking Privileged Passwords on Way Out  Page 12: Intellectual Property – Competitive Theft  Page 13: Data Breach Notification Laws Fail to Curb Data Loss

Page 14 Appendix 1 – Sample Page 15 About Cyber-Ark and media contacts

©2012 Cyber-Ark Software, Inc. All rights reserved

3

Executive Summary
Cyber-Ark’s 2012 Trust, Security & Passwords survey is the sixth in a series of annual surveys focused on identifying key security trends amongst IT workers. The survey assesses the extent to which privileged accounts and passwords are being protected in organizations today, and also provides insight into the core threats that exist and the measures being taken to defend systems. The survey report is the result of interviews with 820 IT managers and C-level professionals across North America and EMEA, primarily from enterprise companies. The security landscape continues to evolve – businesses can no longer simply focus on securing the network perimeter in hopes of keeping attackers out. As the enterprise perimeter dissolves, and reports of internal and external threats increase, privileged access points have emerged as the primary target for enterprise attacks. Privileged access points consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors, and more. These accounts act as a gateway to an organization’s most sensitive data accessible across systems, applications and servers. The research reveals that while insiders continue to be perceived as the biggest risk organizations face in securing against data breaches, a majority of respondents agree that all recent security breaches – internal and external – involved the exploitation of privileged accounts. The continued exploitation of these accounts in some of the industry’s most notorious data breaches is a significant factor in the growing recognition of the “privileged connection.” Businesses need to continue to be vigilant in securing and managing these high value targets.

©2012 Cyber-Ark Software, Inc. All rights reserved

4

Key Report Findings
Insiders Considered Greatest Organizational Security Threat 71 percent of respondents believe that the insider threat is the priority security concern for their organization. Whether through accidental or malicious breach, internal employees have the access and system knowledge to perpetrate potentially devastating attacks. Insider threat External threat

29% 71%

Figure 1: What do you consider to be the greatest security threat to your organisation at present? The perception of the insider threat posing the most significant business risk is juxtaposed by last year’s findings. When asked the question – ‘In the next 1 – 3 years, do you see external threats becoming a greater security risk than insider threats?’ – 57 percent of respondents believed that external attacks would surpass the insider threat in terms of security risk. The pathways for insider risk (accidental data loss, stolen devices, malicious hacks) may be a contributing factor to why it is still considered the highest security priority. 57%

43%

Yes

No

Figure 2: In the next 1-3 years, do you see external...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Mcbride Financial Security Policy Essay
  • Data Security, Quality, and Integrity-Regulations and Information Classification Essay
  • Network Security Protocol with Rfid System Essay
  • Confidentiality and Information Essay
  • Promote Good Practice in Handling Informations Essay
  • Information Safety and Effectiveness in Administrative Decision-Making in Business Organizations Essay
  • Handle Information in Health and Social Care Setting Essay
  • Pwcs 38 – Understand How to Handle Information in a Social Care Setting Essay

Become a StudyMode Member

Sign Up - It's Free