74% of data breaches involve privileged credential abuse warns Centrify study

Privilege access abuse responsible for three quarters of data breaches, according to major study of 1,000 IT chiefs from Centrify, painting a worrying picture for UK business leaders

by News Reporter on 26 February 2019 14:16


Data breaches are overwhelmingly caused by privilege access credential abuse, according to a new survey from Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises.

The analysis of views of 1,000 IT decision makers, 500 from the UK and 500 from the US found that, of those whose organisations have experienced a breach, 74 per cent acknowledged it involved access to a privileged account.

This number aligns with Forrester’s estimate that 80 per cent of security breaches involve compromised privileged credentials. However, despite being aware that they’ve been breached, the survey results show that most companies are still extremely immature in their PAM journey.

The research found that 52 per cent of respondents do not have a password vault, rising to 60 per cent of UK respondents. Additionally, 65 per cent are still sharing root or privileged access to systems and data at least somewhat often, 58 per cent for UK respondents. 63 per cent indicate their companies usually take more than one day to shut off privileged access for employees who leave the company (70 percent of UK respondents).

21 per cent still have not implemented Multi-Factor Authentication (MFA) for privileged administrative access (27 per cent of UK respondents)

Tim Steinkopf, CEO of Centrify said, “Forrester had already estimated that privileged credential abuse was the leading attack vector, but now we have the empirical research to back it up. What’s alarming is that most organisations aren’t taking the most basic steps to reduce their risk of being breached.

“It’s not surprising that Forrester has found 66 percent of companies have been breached five or more times . It’s well past time to secure privileged access with a Zero Trust approach, and many organisations can significantly harden their security posture with low-hanging fruit like a password vault and MFA.”

The survey also revealed that, generally, respondents in the UK are behind their U.S. counterparts when it comes to securely managing privileged access.

Forty-four per cent of UK IT decision makers surveyed were not positive what Privileged Access Management is, and 60 per cent do not have a password vault. This also affects their confidence in the ability to secure their organisations, as only 36 per cent of UK respondents are “very confident” in their company’s current IT security software compared to 65 percent of US respondents.

“Centrify believes that reason for this increased prioritisation and spending on PAM is the increasingly-modern threatscape that security professionals are facing,” Steinkopf continued.

“Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices, but is extended to cloud environments, Big Data, DevOps, containers and more," he added. 

blog comments powered by Disqus