|By Business Wire||
|July 28, 2014 09:00 AM EDT||
Sixty eight percent of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most impactful in terms of changing security strategies to protect against the latest threats. The findings are part of CyberArk’s 8th Annual Global Advanced Threat Landscape survey – developed through interviews with 373 C-level and IT security executives across North America, Europe and the Asia-Pacific. The full survey can be downloaded for free here.
The majority of organizations surveyed believe that attacks reaching the privileged account takeover stage are the most difficult to detect, respond to and remediate. While the NSA breach is widely regarded as the prototypical insider-based attack, and the retail/PoS breaches are regarded similarly for outside attacks, the critical link between both attacks was the compromise and exploitation of privileged credentials.
Key findings of the 2014 survey include:
Snowden and Retail/PoS Breaches Influence Security Strategies the Most
When asked which cyber-attacks or data breaches in the past year had
the biggest impact on their business’ security strategy:
- 37 percent of respondents cited the NSA/Edward Snowden breach
- 31 percent of respondents cited the retail/PoS attacks
- 19 percent of respondents cited government-sponsored espionage
Third-Party Privileged Access Emerges as Critical Security Vulnerability
As companies move to the cloud and streamline the supply chain by
providing routine network access to third-parties, cyber-attackers are
increasingly targeting these partners to steal and exploit their
privileged access to the target company’s network. This pathway was
used in some of the most devastating breaches in the last 12 months.
The survey found:
- 60 percent of businesses now allow third-party vendors remote access to their internal networks
- Of this group, 58 percent of organizations have no confidence that third-party vendors are securing and monitoring privileged access to their network
Attackers are on the Inside – Protect Your Privileges
Organizations continue to face sophisticated and determined attackers
seeking to infiltrate networks. Many organizations face daily
perimeter-oriented attacks, such as phishing, designed to give
attackers a foothold to steal the privileged credentials of an
employee to give them defacto insider status. The survey found:
- 52 percent of respondents believe that a cyber-attacker is currently on their network, or has been in the past year
- 44 percent believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate; 29 percent believe it is the malware implantation stage
Other Findings of Note
Survey respondents stated that the following trends were the most
impactful in terms of shaping and changing security strategies:
- 30 percent stated Bring Your Own Device (BYOD)
- 26 percent stated cloud computing
- 21 percent stated regulatory compliance
- 16 percent stated the Internet of Things (IoT)
When asked whether their organization had or was considering deploying
security analytics, this year’s survey found that:
- 31 percent of businesses have already deployed security analytics in some form
- 23 percent were planning on deploying security analytics in the next 12 months
- 33 percent had no plans to leverage security analytics
“Loss of IP and competitive advantage, diminishing brand value, loss of customers and negative shareholder impact are just a few of the business impacts many organizations felt as a result of cyber-attacks this year,” said Adam Bosnian, executive vice president, CyberArk. “This year’s survey results demonstrate that whether it’s an insider like Edward Snowden, or an outside-based attack like the retail/PoS breaches, attackers require the exploitation of insider credentials to successfully execute their attacks.”
Full Research Brief:
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 35 percent of the Fortune 100 and 17 of the world’s top 20 banks – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.
Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Sep. 1, 2015 04:15 PM EDT Reads: 432
WSM International, the pioneer and leader in server migration services, has announced an agreement with WHOA.com, a leader in providing secure public, private and hybrid cloud computing services. Under terms of the agreement, WSM will provide migration services to WHOA.com customers to relocate some or all of their applications, digital assets, and other computing workloads to WHOA.com enterprise-class, secure cloud infrastructure. The migration services include detailed evaluation and planning...
Sep. 1, 2015 04:00 PM EDT Reads: 196
SYS-CON Events announced today that IceWarp will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IceWarp, the leader of cloud and on-premise messaging, delivers secured email, chat, documents, conferencing and collaboration to today's mobile workforce, all in one unified interface
Sep. 1, 2015 03:00 PM EDT Reads: 439
In his session at @ThingsExpo, Lee Williams, a producer of the first smartphones and tablets, will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater. He will explain how M2M controllers work through wirelessly connected remote controls; and specifically delve into a retrofit option that reverse-engineers control codes of existing conventional controller systems so the...
Sep. 1, 2015 02:45 PM EDT Reads: 136
In 2014, the market witnessed a massive migration to the cloud as enterprises finally overcame their fears of the cloud’s viability, security, etc. Over the past 18 months, AWS, Google and Microsoft have waged an ongoing battle through a wave of price cuts and new features. For IT executives, sorting through all the noise to make the best cloud investment decisions has become daunting. Enterprises can and are moving away from a "one size fits all" cloud approach. The new competitive field has ...
Sep. 1, 2015 02:45 PM EDT
The Internet of Things is in the early stages of mainstream deployment but it promises to unlock value and rapidly transform how organizations manage, operationalize, and monetize their assets. IoT is a complex structure of hardware, sensors, applications, analytics and devices that need to be able to communicate geographically and across all functions. Once the data is collected from numerous endpoints, the challenge then becomes converting it into actionable insight.
Sep. 1, 2015 01:00 PM EDT
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Sep. 1, 2015 12:30 PM EDT Reads: 912
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Trel...
Sep. 1, 2015 12:15 PM EDT Reads: 249
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Sep. 1, 2015 11:45 AM EDT Reads: 323
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of ...
Sep. 1, 2015 11:15 AM EDT Reads: 290
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of tech...
Sep. 1, 2015 09:45 AM EDT Reads: 242
Contrary to mainstream media attention, the multiple possibilities of how consumer IoT will transform our everyday lives aren’t the only angle of this headline-gaining trend. There’s a huge opportunity for “industrial IoT” and “Smart Cities” to impact the world in the same capacity – especially during critical situations. For example, a community water dam that needs to release water can leverage embedded critical communications logic to alert the appropriate individuals, on the right device, as...
Sep. 1, 2015 09:00 AM EDT
U.S. companies are desperately trying to recruit and hire skilled software engineers and developers, but there is simply not enough quality talent to go around. Tiempo Development is a nearshore software development company. Our headquarters are in AZ, but we are a pioneer and leader in outsourcing to Mexico, based on our three software development centers there. We have a proven process and we are experts at providing our customers with powerful solutions. We transform ideas into reality.
Sep. 1, 2015 08:45 AM EDT Reads: 553
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
Sep. 1, 2015 08:30 AM EDT
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
Sep. 1, 2015 08:00 AM EDT Reads: 180
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
Sep. 1, 2015 08:00 AM EDT
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Aug. 31, 2015 09:00 PM EDT Reads: 381
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of I...
Aug. 31, 2015 02:30 PM EDT Reads: 427
SmartBear Software has updated its API tools, ServiceV for API service virtualization and LoadUI NG for API load testing, to accelerate development and testing processes in Agile teams. Updates to ServiceV enable software teams to rapidly build advanced mocks from real-time API traffic and quickly switch between virtualized “mock” services and actual APIs during diagnostic, load or integration testing in the continuous delivery lifecycle.
Aug. 21, 2015 11:00 AM EDT Reads: 335
Learn how you can use the CoSN SEND II Decision Tree for Education Technology to make sure that your K–12 technology initiatives create a more engaging learning experience that empowers students, teachers, and administrators alike.
Aug. 14, 2015 04:15 PM EDT Reads: 567