
2021 Press Releases

March 26, 2021

New “CISO View” Survey on Zero Trust Highlights Credential Theft Trends for New Types of Identities

A new survey released by CyberArk, the global leader in Identity Security, found that 97 per cent of senior security executives globally, including in Singapore, say attackers are increasingly trying to steal one or more types of credentials. As organisations move assets to the cloud, increase third-party access to corporate resources, and enable sustained remote work models, attackers are targeting new user populations that may not be adequately protected.
 
Sponsored by CyberArk, “The CISO View 2021 Survey: Zero Trust and Privileged Access,” demonstrates consensus around the value of Zero Trust and a growing sense of urgency for securing privileged access.
 
The survey revealed a marked shift in spear-phishing and impersonation attack patterns:

  • The most widely reported group facing increased attacks is end-users – including business users with access to sensitive data. A majority of respondents (56 per cent) report such users as being increasingly targeted by attackers.
  • Attacks are also on the rise against senior leadership (48 per cent), third-party vendors and contractors (39 per cent), and DevOps and cloud engineers (33 per cent).
  • Widespread increases in credential theft attempts were reported for personal data (70 per cent) and financial systems and data (66 per cent). This is clear evidence of attackers’ interest in gaining “high-value” access – access to highly sensitive systems that is often held by end-users rather than, for example, administrators.

In response to these shifting attack patterns, security leaders are embracing Zero Trust models:

  • Eighty-eight (88) per cent of respondents said adopting more of a Zero Trust approach is “very important” or “important.”
  • To implement a Zero Trust model, the top priority was controls focusing on Identity and Access Management (IAM), chosen by 45 per cent of respondents.
  • Several types of IAM controls were favoured to protect access to sensitive systems. Just-in-time access controls were highly valued, with 87 per cent of respondents saying reducing standing privileges is an “important” or “very important” aspect of Zero Trust.

Attackers recognise the value of non-IT identities and are exploiting weaknesses in how these identities are protected, weaknesses that stem from operational challenges. This creates a need for security solutions that work despite internal constraints:

  • Endpoint security remains an operational challenge for 94 per cent of respondents – 46 per cent said that installing and maintaining agents made endpoint security challenging.
  • Eighty-six (86) per cent said user experience optimisation is “important” or “very important,” highlighting a need for security tools and policies that will not be bypassed or ignored due to security fatigue.

“Reverberations from the SolarWinds attack continue to underscore the need to protect privileged credentials and break the attack chain to organisations’ most valuable assets,” said Mike O’Malley, senior vice president, Global Marketing, CyberArk. “As new identities multiply across the enterprise, this survey emphasises the importance of a Zero Trust-based approach to Identity Security. For security leaders seeking to mitigate the risks of spear-phishing, impersonation attacks and other forms of compromise, we believe the peer experiences captured in the CISO View reports will serve as an invaluable tool, no matter where their organisation is on the Zero Trust maturity curve.”
 
“Digital transformation and attacks like SolarWinds have put renewed focus on introducing a Zero Trust based approach to Identity Security, and the peer experiences shared by Global 1000 security professionals will, we believe, prove invaluable as Singapore organisations examine the Zero Trust model,” said Vincent Goh, senior vice president for Asia Pacific and Japan at CyberArk. “Reinforcing this, the Singapore government has recently highlighted the need to adopt this approach, moving security away from the old implied trust approach. With the exponential growth of identities and privileges across the enterprise, breaking the attack chain means privileged credentials must be managed and secured.”
 
The survey is a companion to “The CISO View: Protecting Privileged Access in a Zero Trust Model.” The fifth in The CISO View series, it is based on in-depth interviews with a panel of 12 top security executives from Global 1000 companies. The panel shared their first-hand experiences around protecting privileged access while transitioning to Zero Trust, including an analysis of risks and recommended controls.