Benchmark Survey Results Highlighted in 2016 State of Privileged Account Management Report from Thycotic and Cybersecurity Ventures Reveal How Organizations Fail to Secure their “Keys to the Kingdom”
Washington, D.C. (July 20, 2016) – Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, in conjunction with Cybersecurity Ventures, a research and market intelligence firm focused on startup, emerging companies and major players in the cybersecurity industry, today released its 2016 State of Privileged Account Management security report. The report reveals major shortcomings in the current state of privileged credential password and access security among organizations worldwide, along with recommendations for how to address the most common failures in PAM security.
The report results are based on a groundbreaking online Privileged Password Vulnerability Benchmark survey that exposes several significant security gaps in how organizations manage and secure their privileged account passwords and access. Launched in early 2016, the survey includes responses from more than 500 IT security professionals from organizations around the world. Results indicate a growing awareness among organizations of the importance of securing privileged credentials:
- 80 percent of respondents consider PAM security a high priority
- 60 percent of respondents indicate that PAM security is required to demonstrate compliance with government regulations
“While awareness is high among organizations of the importance of securing privileged accounts, according to results found in our survey, many organizations still fall short when it comes to adopting and maintaining best practices in the protection of privileged account credentials,” said James Legg, President and CEO at Thycotic. “There are some serious gaps in the enforcement of basic security measures when it comes to securing privileged account credentials.”
The results of this landmark survey suggest a lack of follow-through in implementing security best practices for the protection and management of privileged account credentials. Some of the most disturbing findings show that:
- One in five organizations (20 percent) have never changed their default passwords on privileged accounts
- Three out of 10 organizations still allow accounts and passwords to be shared
- Four out of 10 organizations use the same security for privileged accounts as standard accounts
- Seven out of 10 organizations do not require approval for creating new privileged accounts
- Fifty percent of all organizations do not audit privileged account activity
In the majority of data breaches, stolen credentials and privileged accounts continue to be the main target for hackers because they unlock the access required to exploit virtually any part of an organization’s network, including critical and sensitive data. Hacking privileged credentials can mean the difference between a simple perimeter breach and one that could lead to a cyber catastrophe. Once attackers gain access, they can escalate their privileges and move through networks to identify and compromise confidential information or use ransomware to encrypt critical business data.
“Weak privileged account management is a rampant epidemic at large enterprises and governments globally,” said Steve Morgan, founder and CEO at Cybersecurity Ventures. “Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cyber criminals and hackers-for-hire who are launching increasingly sophisticated cyberattacks on businesses and costing the world’s economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50 percent range over the next two years.”
To view the 2016 State of Privileged Account Management report, please visit https://thycotic.com/resources/state-of-pam-2016-thycotic-and-cybersecurity-ventures/. In addition, Black Hat 2016 attendees are invited to stop by Booth #1454 to chat with Thycotic’s security experts about the report results and recommendations for better protecting your company’s privileged accounts.
Thycotic, a global leader in IT security, is the fastest growing provider of Privilege Management solutions that protect an organization’s most valuable assets from cyberattacks and insider threats. Thycotic secures privileged account access for more than 7,500 organizations worldwide, including Fortune 500 enterprises. Thycotic’s award-winning Privilege Management Security solutions minimize privileged credential risk, limits user privileges and controls applications on endpoints and servers. Thycotic was founded in 1996 with corporate headquarters in Washington, D.C. and global offices in the U.K. and Australia. For more information, please visit www.thycotic.com.
About Cybersecurity Ventures
Cybersecurity Ventures is a research and market intelligence firm focused on the cybersecurity industry. The firm’s Cybersecurity Market Report forecasts that worldwide cybersecurity spending will eclipse $1 trillion for the five-year period from 2017 to 2021. Cybersecurity Ventures is regularly featured, quoted and cited as a trusted source by major newspapers and the leading business, financial, technology and cybersecurity news media.