According to a new survey carried out by CyberArk, 97% of senior security managers believe that attackers are increasingly focused on the theft of one or more types of credentials.
As organizations migrate resources to the cloud, increase third-party access to corporate resources and enable extended remote working models, attackers are targeting new users who may not be adequately protected.
The new CyberArk report, titled “CISO View 2021 Zero Trust and Privileged Access,” highlights the common opinion on the value of Zero Trust and a growing sense of urgency to protect privileged access.
The survey reveals that users are recognized as a category facing growing attacks. A majority of respondents (56%) saw end users and business users with access to sensitive data as increasingly affected.
Attacks targeting senior leadership roles (48%), third-party vendors and contractors (39%) and DevOps and cloud engineers (33%) are also on the rise. Widespread increases in credential theft attempts were reported for personal data (70%) and for systems and financial data (66%), clear evidence of attackers’ interest in obtaining “high value” access, for example to highly sensitive systems that are often owned by users and not by administrators.
In response to these changing attack patterns, security leaders are embracing Zero Trust models. For 88% of respondents, adopting more than one Zero Trust approach is “very important” or “important”.
For 45% of those surveyed, the top priority in implementing a Zero Trust model is identity and access management (IAM) controls. Different types of IAM controls have been favored to protect access to sensitive systems. Just-in-time access controls were particularly popular, while 87% of respondents believe that reducing privileges is an “important” or “very important” aspect of Zero Trust.
Furthermore, cybercriminals recognize the value of non-IT identities and know that they are often less secure due to operational needs. For this reason, security solutions are needed that operate despite these kinds of internal limitations. Endpoint protection remains an operational challenge for 94% of respondents: 46% say installing and maintaining agents makes endpoint security a challenge.
For 86%, user experience optimization is “important” or “very important”, which highlights the need for security tools and policies that will not be bypassed or ignored due to security fatigue.
“The reverberation of the SolarWinds attack continues to underline the need to protect privileged credentials and break the chain of attacks targeting organizations’ most valuable assets,” stressed Mike O’Malley, senior vice president, Global Marketing, at CyberArk.
“As new identities multiply across the enterprise, this report highlights the importance of a Zero Trust-based approach to identity security. We believe the experiences brought to light in CISO View reports can be a valuable tool for security managers seeking to mitigate the risks of spear-phishing, impersonation attacks and other forms of compromise, regardless of their organization’s Zero Trust maturity stage.”
“Based on our experience, the adoption of Zero Trust in Italy is still at an early stage. The CISOs strongly recognize the need, especially in light of the increase in remote work due to the ‘new normal’, but at the same time the legacy infrastructure and budget constraints represent a challenge to proceed quickly in the short term,” stresses Paolo Lossa, country sales manager of CyberArk Italy.
“However, the evolution of the cloud and the new paradigm created in the aftermath of the pandemic will certainly act as accelerators, and I believe that starting from specific sectors such as Telco, Finance and Utilities, there will be strong adoption in the next few years.”
The CISO View report is part of “The CISO View: Protecting Privileged Access in a Zero Trust Model”. The fifth edition of the series, it is based on interviews with a panel of 12 security executives from Global 1000 companies, who shared their experiences on protecting privileged access during the migration to Zero Trust, including a risk analysis and recommended controls.