Many Enterprises Fail to Protect Privileged Credentials

A survey conducted by Thycotic and Cybersecurity Ventures shows that while organizations are increasingly aware of the risks posed by poorly protected privileged accounts, many of them have failed to adopt and maintain best practices.

The study, based on the responses of 500 IT security professionals from North America, Western Europe and Asia, shows that 80 percent consider privileged account management (PAM) a high priority in defending their systems against cyberattacks, and 60 percent said PAM is a required or regulated compliance issue within their industry or organization.

On the other hand, nearly one-third of respondents admitted failing to educate employees on password security, which significantly increases the risk of a breach.

Nearly 70 percent of the surveyed professionals said their organizations manage privileged accounts using homegrown solutions. These solutions usually involve manual operations and experts believe they are difficult to keep updated and inefficient for demonstrating compliance. Furthermore, a 2015 Thycotic survey showed that, in a vast majority of cases, attackers find credentials in unprotected files used as part of these manual PAM solutions.

The latest survey shows that 11 percent of organizations have fully implemented a commercial PAM solution, while 20 percent implemented partial security controls.

Worryingly, 20 percent of respondents admitted that they have never changed the default passwords on privileged accounts, and 30 percent said their organization allows credentials to be shared. Half of the surveyed experts reported that their organization does not audit privileged account activity, and in many cases approval is not needed for creating such accounts.

Four out of ten companies don’t limit the use of privileged accounts, allowing administrators to log into any device using their privileged credentials. This is particularly concerning given the fact that some pieces of malware target privileged accounts used by admins for day-to-day operations.

Stolen privileged account credentials are often used by hackers to breach an organization’s systems and gain access to sensitive data. A report published last year by CyberArk Labs revealed that nearly 90 percent of Windows-based servers and workstations could be compromised through the theft of privileged credentials. The study also showed that more than 40 percent of an enterprise’s machines provide attackers the usernames and passwords they need to breach the entire network.

Thycotic’s 2016 State of Privileged Account Management report, which includes recommendations on how to address failures in PAM security, is available for download in PDF format.