New Report from Thycotic and Cybersecurity Ventures Shows 52 Percent of Companies Have a Failing Grade on Enforcement of Proper Privileged Credential Controls
Benchmark Survey Results Highlighted in 2016 State of Privileged Account Management Report from Thycotic and Cybersecurity Ventures Reveal How Organizations Fail to Secure their “Keys to the Kingdom”
Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, in conjunction with Cybersecurity Ventures, a research and market intelligence firm focused on startup, emerging companies, and major players in the Cybersecurity industry, today released its 2016 State of Privileged Account Management security report. The report reveals major shortcoming in the current state of privileged credential password and access security among organizations worldwide, along with recommendations for how to address the most common failures in PAM security.
The report results are based on a ground-breaking online Privileged Password Vulnerability Benchmark survey that exposes several, significant security gaps in how organizations manage and secure their privileged account passwords and access. Launched in early 2016, the survey includes responses from more than 500 IT security professionals from organizations around the world. Results indicate a growing awareness among organizations of the importance of securing privileged credentials:
- Eighty percent of respondents consider PAM security a high priority
- Sixty percent of respondents indicate that PAM security is required to demonstrate compliance with government regulations
“While awareness is high among organization on the importance of securing privileged accounts, according to results found in our survey, many organizations still fall short when it comes to adopting and maintaining best practices in the protection of privileged account credentials,” said James Legg, president and CEO at Thycotic. “There are some serious gaps in the enforcement of basic security measures when it comes to securing privileged account credentials.”
The results of this landmark survey suggest a lack of follow through in implementing security best practices for the protection and management of privileged account credentials. Some of the most disturbing findings show that:
- One in five organizations (20 percent) have never changed their default passwords on privileged accounts
- Three out of 10 organizations still allow accounts and passwords to be shared
- Four out of 10 organizations use the same security for privileged accounts as standard accounts
- Seven out of 10 organizations do not require approval for creating new privileged accounts
- Fifty percent of all organizations do not audit privileged account activity
In the majority of data breaches, stolen credentials and privileged accounts continue to be the main target for hackers because they unlock the access required to exploit virtually any part of an organizations network including critical and sensitive data. Hacking privileged credentials can mean the difference between a simple perimeter breach and one that could lead to a cyber catastrophe. Once attackers gain access, they can escalate their privileges and move through networks to identify and compromise confidential information or use ransomware to encrypt critical business data.
“Weak privileged account management is a rampant epidemic at large enterprises and governments globally,” said Steve Morgan, founder and CEO at Cybersecurity Ventures. “Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world’s economies trillions of dollars in damages. We expect the needle on automated (PAM) solutions adoption to move fairly quickly into the 50 percent range over the next two years.”
Thycotic, a global leader in IT security, is the fastest growing provider of Privilege Management solutions that protect an organization’s most valuable assets from cyber-attacks and insider threats. Thycotic secures privileged account access for more than 7,500 organizations worldwide, including Fortune 500 enterprises. Thycotic’s award winning Privilege Management Security solutions minimize privileged credential risk, limits user privileges and controls applications on endpoints and servers. Thycotic was founded in 1996 with corporate headquarters in Washington, D.C. and global offices in the U.K. and Australia. For more information, please visit www.thycotic.com.
About Cybersecurity Ventures
Cybersecurity Ventures is a research and market intelligence firm focused on the Cybersecurity industry. The firm’s Cybersecurity Market Report forecasts worldwide cybersecurity spending will eclipse $1 trillion for the 5 year period from 2017 to 2021. Cybersecurity Ventures is regularly featured, quoted, and cited as a trusted source by major newspapers and the leading business, financial, technology, and cybersecurity news media.
Download the full report: