Censys: The World of Attack Surface Management
A new report from Centrify and TechVangelism reveals that the vast majority of organisations are overconfident in their ability to stop data breaches. Despite the frequency of data breaches, many organisations are failing to implement even the simplest of security measures.
Attempting to stop data breaches
Overall, the report collected responses from 1,300 organisations across 11 industry verticals in the U.S. and Canada. As a result, the research found that many organisations are taking "nonexistent" or "vault-centric" approaches to Privileged Access Management (PAM).
Indeed, an overwhelming 79% of enterprises did not have a mature approach to PAM. In addition to this, 52% of organisations reportedly used shared accounts for controlling privileged access.
Meanwhile, 58% of respondents cited that they did not use MFA for privileged administration access to servers. Furthermore, 52% of the enterprises surveyed did not use a basic password vault for privileged access.
Finally, 51% of organisations did not control access to transformational technologies with privileged access. This included modern attack surfaces such as cloud workloads (38%), Big Data projects (65%), and containers (50%).
Overconfidence in the ability to stop data breaches
Despite these figures, 93% of respondents said that they remain somewhat prepared against threats to their privileged access. This evidently demonstrates that the vast majority of companies are significantly overconfident in their security practices.
In effect, many companies are not even taking the simplest measures to secure their data. Tim Steinkopf, CEO of Centrify commented on the way in which many enterprises are lacking in mature approaches.
“There is still a long way to go for most organisations to protect their critical infrastructure and data with mature Privileged Access Management approaches based on Zero Trust,” he said. 74% of data breaches involve privileged access abuse, so this "overconfidence" is particularly "concerning."
However, "a cloud-ready Zero Trust Privilege approach verifies who is requesting access," he stated. He added that it also verifies "the context of the request, and the risk of the access environment to secure modern attack surfaces, now and in the future."
Check out the Top 10 Companies Unifying Data in 2019