Global Survey: Cyber Security Awareness Rises, Yet Bad Habits Persist
September 21 2016 - 6:00PM
Business Wire
While 82 Percent of Respondents Believe the It
Security Industry is Making Progress Against Cyber Attacks, Gains
Are Undercut by Failure to Enforce Best Practices in Critical
Areas
While 82 percent of respondents believe the IT security industry
is making progress against cyber attacks, those gains are undercut
by egregious security practices in critical areas such as
privileged account security, third-party vendor access and cloud,
according to results from a new global survey commissioned and
released by CyberArk (NASDAQ: CYBR).
This Smart News Release features multimedia.
View the full release here:
http://www.businesswire.com/news/home/20160921006404/en/
CyberArk Global Advanced Threat Landscape
Survey 2016: http://www.cyberark.com/ThreatSurvey2016 (Photo:
Business Wire)
The 10th annual CyberArk Global Advanced Threat Landscape Survey
2016, themed “Cyber Security: Past, Present & Future,” examines
whether global enterprises are learning and applying lessons from
high-profile cyber attacks, and how security priorities and
business decision-making are being influenced.
Cyber Lip Service? Bad Security Habits Persist, Despite
Rising AwarenessHeadline-making cyber attacks have driven
significant increases in cyber security awareness. However, the
failure to turn increased awareness into the enforcement of
security best practices undermines progress for organizations’
cyber security efforts.
- Seventy-nine (79) percent state their
organization has learned lessons from major cyber attacks and has
taken appropriate action to improve security.
- Sixty-seven (67) percent now believe
their CEO/board of directors provide sound cyber security
leadership (up from 57 percent in 2015).
- The top actions taken because of this
awareness are deployment of malware detection (25 percent),
endpoint security (24 percent) and security analytics (16
percent).
- Fifty-five (55) percent of respondents
state their organization has changed or evolved processes for
managing privileged accounts.
- Despite this, 40 percent of
organizations still store privileged and admin passwords in a Word
document or spreadsheet, while 28 percent use a shared server or
USB stick.
- Nearly half of organizations (49
percent) allow third-party vendors (such as supply chain and IT
management firms) remote access to their internal networks.
- While the majority of respondents
secure and monitor that access, the public sector has the least
third-party vendor access controls in place compared to other
industries, with 21 percent not securing and 33 percent not
monitoring that activity.
A Cyber State-of-Mind: Striking a Balance Between Fear and
OverconfidenceOrganizations are increasingly adopting a
post-breach mindset, preparing to deal with ongoing cyber attacks
and activity in the case of a breach. This preparedness is leading
to positive steps in post-breach planning, but concerns exist about
how overconfidence may affect the ability to protect against cyber
attacks.
- Three out of four IT decision makers
now believe they can prevent attackers from breaking into their
internal network – up from 44 percent in 2015.
- Despite this, 36 percent believe a
cyber attacker is currently on their network, or has been in the
last 12 months.
- Forty-six (46) percent believe their
organization was a victim of a ransomware attack in the past two
years.
- Eighty-two (82) percent of respondents
believe the security industry in general is making progress against
cyber attacks.
- Seventeen (17) percent believe the
industry is falling further behind.
- Nearly every organization (95 percent)
has a cybersecurity emergency response plan.
- This preparedness is undermined by a
lack of communication and testing – only 45 percent communicate and
regularly test their plan with all IT staff.
- Sixty-eight (68) percent of
organizations cite losing customer data as one of their biggest
concerns following a cyber attack.
- Sixty (60) percent of those who use the
cloud store customer data in it.
- Fifty-seven (57) percent who store
information in the cloud are not completely confident in their
cloud provider’s ability to protect their data.
- When identifying the most difficult
stage of a cyber attack to mitigate, malware installation ranked
first (41 percent), followed by privileged account takeover (25
percent).
On the Radar: Future Risks EmergeAs cyber attacks
continue on trusted institutions such as government, utilities and
financial systems, respondents identify what types of cyber attacks
or tactics are most concerning. Respondents also share which cyber
attack scenarios they think represent the most immediate and
potentially catastrophic threat in general.
- Respondents list the following types of
cyber attacks or tactics as the top-ranked concern in the next 12
months: Distributed denial-of-service (DDoS) attacks (19 percent),
phishing (14 percent), ransomware (13 percent), privileged account
exploitation (12 percent) and perimeter breaches (12 percent).
- Attacks on financial systems, including
disruption of global markets (58 percent) is the most potentially
catastrophic threat perceived by respondents, followed by attacks
causing massive utilities damage (55 percent) and those impacting
civil services such as healthcare and hospital services (51
percent).
The Impact of a Breach on Customer Data and Corporate
AccountabilityThe survey found a varied global picture in terms
of preparedness for increased regulatory oversight and the impact
on cyber security programs and accountability.
- While 70 percent of global respondents
agree that the threat of legal action and fines influence the level
of executive/board involvement in security-related decisions, 22
percent of the respondents do not incorporate compliance fines or
legal fees (19 percent) into the cost of a breach.
- Nearly seven in ten (69 percent)
respondents state that, in response to a breach or cyber attack,
stopping the breach/removing the attackers is among their top
priorities, followed by detecting the source of the breach (53
percent).
- Far fewer respondents prioritize
notifying the CEO/board (26 percent), entire staff/workforce (25
percent) or customers (18 percent).
“The findings of this year’s Global Advanced Threat Landscape
Survey demonstrate that cyber security awareness doesn’t always
equate to being secure. Organizations undermine their own efforts
by failing to enforce well-known security best practices around
potential vulnerabilities associated with privileged accounts,
third-party vendor access and data stored in the cloud,” said John
Worrall, CMO, CyberArk. “There’s a fine line between preparedness
and overconfidence. The majority of cyber attacks are a result of
poor security hygiene – organizations can’t lose sight of the
broader security picture while trying to secure against the threat
du jour.”
Download the ReportTo download the full CyberArk Global
Advanced Threat Landscape Survey 2016, visit
http://www.cyberark.com/ThreatSurvey2016.
About the ResearchCyberArk commissioned independent
research firm Vanson Bourne to conduct surveys with 750 IT and IT
security decision makers from around the world, including C-level
executives, directors and department heads among enterprise
organizations. Respondents represent a range of public and private
organizations across multiple vertical industries from the United
States, Europe (France, Germany, United Kingdom), Israel and Asia
Pacific (Australia, New Zealand, Singapore).
About CyberArkCyberArk is the only security company
focused on eliminating the most advanced cyber threats; those that
use insider privileges to attack the heart of the enterprise.
Dedicated to stopping attacks before they stop business, CyberArk
proactively secures against cyber threats before attacks can
escalate and do irreparable damage. The company is trusted by the
world’s leading companies – including 45 percent of the Fortune 100
– to protect their highest value information assets, infrastructure
and applications. A global company, CyberArk is headquartered in
Petach Tikvah, Israel, with U.S. headquarters located in Newton,
Mass. The company also has offices throughout EMEA and Asia Pacific
and Japan. To learn more about CyberArk, visit www.cyberark.com,
read the company blog, http://www.cyberark.com/blog/, follow
on Twitter @CyberArk or Facebook
at https://www.facebook.com/CyberArk.
Forward-Looking StatementsThis release may contain
forward-looking statements, which express the current beliefs and
expectations of CyberArk’s (the “Company”) management. In some
cases, forward-looking statements may be identified by terminology
such as “believe,” “may,” “estimate,” “continue,” “anticipate,”
“intend,” “should,” “plan,” “expect,” “predict,” “potential” or the
negative of these terms or other similar expressions. Such
statements involve a number of known and unknown risks and
uncertainties that could cause the Company’s future results,
performance or achievements to differ significantly from the
results, performance or achievements expressed or implied by such
forward-looking statements. Important factors that could cause or
contribute to such differences include risks relating to: changes
in the rapidly evolving cyber threat landscape; failure to
effectively manage growth; near-term declines in the Company’s
operating and net profit margins and its revenue growth rate; real
or perceived shortcomings, defects or vulnerabilities in the
Company’s solutions or internal network system, or the failure of
the Company’s customers or channel partners to correctly implement
the Company’s solutions; fluctuations in quarterly results of
operations; the inability to acquire new customers or sell
additional products and services to existing customers; competition
from IT security vendors; the Company’s ability to successfully
integrate recent and or future acquisitions; and other factors
discussed under the heading “Risk Factors” in the Company’s most
recent annual report on Form 20-F filed with the Securities and
Exchange Commission. Forward-looking statements in this release are
made pursuant to the safe harbor provisions contained in the
Private Securities Litigation Reform Act of 1995. These
forward-looking statements are made only as of the date hereof, and
the Company undertakes no obligation to update or revise the
forward-looking statements, whether as a result of new information,
future events or otherwise.
Copyright © 2016 CyberArk Software. All Rights Reserved. All
other brand names, product names, or trademarks belong to their
respective holders.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20160921006404/en/
Media Relations Contacts:fama PRBrooke Wenrick,
+1-617-986-5022cyberark@famapr.comorCyberArkLiz Campbell,
+1-617-558-2191press@cyberark.comorInvestor Relations
Contact:CyberArkErica Smith, +1 617-630-6426ir@cyberark.com
CyberArk Software (NASDAQ:CYBR)
Historical Stock Chart
From Aug 2024 to Sep 2024
CyberArk Software (NASDAQ:CYBR)
Historical Stock Chart
From Sep 2023 to Sep 2024