
Operational Security

3/2/2018
10:05 AM
Dawn Kawamoto

Why 46% of Companies Keep Security Strategies Status Quo After an Attack

Nearly half of organizations surveyed say their security strategy remains unchanged following a cyberattack.

Old habits die hard, especially when it comes to IT security strategy, a recent CyberArk Advanced Threat Landscape 2018 report finds.

Of the 1,300 IT security decision-makers, DevOps and app developers surveyed across the globe, 46% say their organizations failed to change their cybersecurity strategy after an attack.

Although security professionals are aware of what steps they should be taking to make their organizations more secure following a breach, roadblocks exist to prevent change, Nick Bowman, a CyberArk corporate communications senior manager, told Security Now.

"Roadblocks to change will vary per company, but can include factors like breaches not being deemed serious enough to provoke change," Bowman said.

Other potential hurdles include a misunderstanding at the board of directors' level, in which compliance with audit demands is treated as the beginning and end of cybersecurity, he notes. In other cases, business processes or functions prevent security strategy changes, Bowman adds.

"For instance, it might be considered more important to launch that new web service to drive revenue today versus ensuring it is not an open door to an attacker," Bowman explains.

Indeed. The survey found the percentage of users who have local administrative privileges on their endpoint devices soared to 87% this year from 62% in 2016. That jump was attributed, in part, to employee demands for flexibility outweighing best security practices, the report states.

Big mistakes post attack
One of the biggest and most frequent mistakes organizations make following a cyberattack is to do "nothing," Bowman laments, pointing to a sense of security inertia that survey respondents cited in the report.

  • 46% say their organizations cannot prevent attackers from breaking into internal networks each time it is attempted.
  • 50% admitted their customers' personally identifiable information (PII) could be at risk because it is not secured beyond legally required basics.
  • 49% of organizations have no privileged account security strategy for the cloud.
  • 68% defer cloud security to their vendor's built-in security capabilities.

And while 89% of survey respondents are aware security should begin with securing privileged accounts, credentials and corporate secrets, this practice is not widespread, Bowman notes.

"Seventy-three percent of respondents don't have a DevOps privileged account security strategy, for instance," Bowman says. "DevOps represents, potentially, a massively expanded attack surface as it creates -- automatically -- more and more privileged account credentials and secrets. If these are not managed and secured, they are obvious and tempting targets for attackers."

Signs of change emerge
Despite the somewhat bleak results in the survey, some organizations are changing their security strategies.

For example, 8% of organizations regularly perform Red Team exercises to discover critical vulnerabilities and identify ways to effectively deal with them, the report finds. And 44% of respondents say they reward and recognize employees who help prevent a security breach.

But one of the key considerations companies need to embrace is a change of mindset: think like an attacker, to the point that the organization understands what the cybercriminal wants and the methods they will employ to get it, Bowman says.

"We try and get organizations to assume that their perimeter defenses either have already been breached or will inevitably get breached and put in place a security strategy that has this as a central tenet," he explained. "Attackers will get in. When they get in, they seek to move laterally using compromised accounts, credentials or secrets. What is it that is valuable in your organization? If you are a bank, it might be customer information. If you are a hospital, it could be avoiding system downtime that could disrupt surgical procedures. Once the pathway to the valuable thing or things is robustly secured and managed, Red Teams should be tasked to regularly try and compromise it, because vulnerabilities emerge and attack vectors evolve over time."

— Dawn Kawamoto is an award-winning technology and business journalist, whose work has appeared in CNET's News.com, Dark Reading, TheStreet.com, AOL's DailyFinance, and The Motley Fool.
