Security professionals still struggle to prevent attackers from breaking into internal networks, according to a CyberArk report.
Despite an increasingly sophisticated cyber threat landscape, organizations are failing to proactively update their security defenses, according to a new report from security firm CyberArk. Some 46% of the 1,300 IT professionals and business leaders surveyed said that their organization’s security strategy rarely changes substantially, even after suffering a cyberattack.
Further, 46% of security professionals said that their organization can’t prevent attackers from breaking into internal networks each time a hack is attempted, the report found. And only 8% of security leaders said that their company continuously conducts penetration testing to determine where vulnerabilities may sit.
“In medium to large organizations especially, there is a need for security teams to reset expectations around where security priorities and spend should be focused,” the report stated. “These findings support the dangers of inertia, with organizations not taking the initiative to make necessary changes following an attack.”
Organizations are also failing to protect privileged credentials and data in the cloud, the report found. While 50% of IT professionals said their organization stores business-critical information in the cloud, 49% said they have no privileged account security for the cloud—so they are storing data in the cloud, but not taking additional steps to protect it.
In terms of protecting passwords, 36% of companies reported that administrative credentials were stored in Word or Excel documents on company PCs, 34% said they were stored on shared servers or USB drives, and 19% said they were stored on printed documents in physical filing systems.
Many organizations are also failing to adequately protect endpoints, the report found: Only 52% of IT security professionals said they keep their operating systems and patches current, and 29% employ whitelist application controls.
As professionals reported the greatest security threats facing their organization are targeted phishing attacks (56%), insider threats (51%), and malware and ransomware (48%), it’s important for companies to remain vigilant about cybersecurity best practices.