Execs blame security breaches on user behaviour, executive leadership: CyberArk

Even though takeover of privileged accounts is recognised as being by far the most difficult type of attack to deal with, more than half of IT-security and C-level executives believe they can detect a security breach within days and nearly half believe they can stop attackers from breaking into their network altogether.

The figures, contained in CyberArk's new Global Advanced Threat Landscape Survey 2015, suggest that business executives are confident in their security protections – and that technology executives lack confidence in their business leadership, with 43 percent saying they don't believe their CEO and board of directors are providing sound leadership on organisational security strategy.

The findings reflect broad concerns that many executives are overconfident about their security posture – particularly their ability to detect breaches, with many latent malware infections running for months on end before being detected.

Earlier this year, an Osterman Research survey found that 37 percent of respondents said it would take hours to detect a breach, 21 percent said it would take days, and 17 percent said it could take weeks or longer.

These results mirrored those of the new CyberArk analysis, in which 25 percent of executives claimed they could pick a breach within hours, 19 percent within days, and 15 percent within weeks.

Yet both sets of figures are at odds with repeated industry studies that suggest malware is lingering much longer, on average, before it is detected. A 2012 Trustwave study found that malware had an average of 173.5 days to explore the network before being detected. A 2014 Mandiant survey pegged the delay at 229 days, while a 2015 IBM-Ponemon Institute report said it takes 256 days on average to even detect that a breach has occurred.

Even as the delay to detection increases over time, the CyberArk analysis looked at the sources for the breaches – and found that fully 48 percent of CSOs blamed poor employee security habits for security breaches.

This is a counterproductive approach that, CyberArk's analysis warns, is past its time. “Organisations should accept that the security battle has shifted to inside the enterprise network,” the report advises.

“Attackers will always find a way past the perimeter. Security strategies must assume this and focus on limiting attacker movement once they infect an endpoint or trick an employee into clicking a malicious link.”

Some 29 percent believe the sophistication of cyber attacks was the leading factor in most data breaches – which reflects the 70 percent of respondents who said they were executives were concerned about phishing attacks and 72 percent about password hijacking.

Organisational issues were also blamed by some, with 12 percent blaming insufficient security budgets for breaches and 10 percent blamed the lack of CEO or board involvement in infosec strategies.

“Organisations still maintain the belief that they can keep attackers off of their networks with the right security strategy,” the CyberArk analysis notes on the back of the 56 percent of respondents who said they believe they could prevent attacks.

Yet with 56 percent admitting breaches were inevitable, the figures reinforced the need for a broader acceptance of the reality of today's threat profile.

“C-level executives and Boards of Directors can no longer simply state that ‘attacks are too sophisticated’ or ‘employees are to blame for security lapses',” the CyberArk analysis notes. “This needs to be accounted for in a holistic security strategy that assumes motivated attackers will always find a way to breach a network.”

Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list.

Get newsletters, updates, events and more right here.

Join the CSO newsletter!

Error: Please check your email address.

Tags Advanced Threat Landscapesecurity breachesCyberArk analysisPrivileged AccountsCyberArkExecsmalwareCSO Australia

More about AdvancedCSOCyberArkOsterman ResearchTrustwave

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts