According to a new global survey from CyberArk, 45 percent of local organisations believe attackers can infiltrate their networks each time they try. As organisations increase investments in automation and agility, a general lack of awareness about the existence of privileged credentials – across DevOps, robotic process automation (RPA) and in the cloud – is compounding risk.
According to the CyberArk Global Advanced Threat Landscape 2019 Report for Singapore, less than half of organisations have a privileged access security strategy in place for DevOps, IoT and other technologies that are foundational to digital initiatives. This creates a perfect opportunity for attackers to exploit legitimate privileged access to move laterally across a network to conduct reconnaissance and progress their mission.
Preventing this lateral movement is a key reason why organisations are mapping security investments against key mitigation points along the cyber kill chain, with 30 percent of total planned security spend in the next two years to focus on stopping privilege escalation and lateral movement.
Proactive investments to reduce risk are critical given what this year’s survey respondents cite as their top threats:
- 79 percent identified hackers in their top three greatest threats to critical assets, followed by organised crime (66 percent), privileged insiders (44 percent) and hacktivists (41 percent).
- 60 percent of respondents cited external attacks, such as phishing, as one of the greatest security risks currently facing their organisation, followed by ransomware (62 percent) and Shadow IT (57 percent).
Security Barriers to Digital Transformation and the Privilege Priority