BlackHat USA hosts more than 9,000 infosec pros from over 100 countries. Lieberman Software surveyed 2015 attendees about information security trends. Can their organizations cope with today’s advanced cyber threats?
Cyber security drills are increasingly utilized to find and close critical vulnerabilities. The value of such drills seems universally agreed upon, particularly considering the likelihood of attack. Case in point: In another survey we ran earlier this year, 51% of IT security pros estimated that their networks are “continuously targeted” by hackers.
Lack of Cyber Security Planning
So why do one third of Black Hat survey respondents work in organizations that forego cyber security drills? One answer may be found in the response to another question: the 81% who fear an impending cyber attack, but cannot compel management to prepare accordingly.
The reasons cited for this failure to act? Because of IT not having a spot on the corporate board, budget shortages, and executives who don't understand the severity of cyber threats. The largest portion of respondents (44%) say that all three factors contribute to the problem.
Vulnerability to Cyber Attacks
Where might this dearth of planning and foresight lead? Evidently, to a high number of organizations that are susceptible to cyber attacks. At least that’s what we can discern when 64% of infosec pros admit they cannot identify an advanced persistent threat (APT) on their network for at least a month.
In reality, any APT that isn’t immediately identified and resolved is a serious breach. Only 3% of survey respondents said they could immediately identify such threats.
The Privileged Credential Attack Vector
Which brings us to our final statistic. 84% think that unmanaged privileged credentials are their biggest cyber security vulnerabilities. That’s an overwhelming number, but it makes sense in context of the rest of the survey.
If most organizations cannot identify an APT for more than a month, it stands to reason that these organizations need “security inside the firewall” once the perimeter is penetrated. A hacker who remains clandestine on the network for a month (or longer), has plenty of time to exploit unsecured privileged credentials, move around the network, and steal valuable data.
Want to learn more? Download the whitepaper Best Practices in Privileged Identity Management.
Find out why a truly secure environment requires privileged identities on all systems to be discovered and managed.
Lieberman Software anonymously queried nearly 150 registered attendees of BlackHat USA 2015.