Strategies not achieved: 60% of those responsible for cybersecurity

August 4, 2022

Delinea, a leading provider of privileged access management (PAM) solutions for seamless security, has just published the conclusions of its study, conducted through a survey of more than 2,100 technology and security managers, revealing that 60% of respondents believe their overall security strategy is not keeping up with the current threat landscape, saying they are lagging behind (20%), stagnant (13%), or simply “on the run” ” to stabilize up to date (27%) with new security solutions. The survey, which has been carried out in more than 20 countries, including Spain, aims to discover the attitudes of those responsible for cybersecurity towards the security and protection of privileged identities.

Compared to other countries, Spanish respondents appear to be more confident in their security strategy, with 50% saying they are continually adapting their security solutions to cover new threats and only 5% feeling they are falling behind. At the same time, 80% say that their company has experienced these attacks and consider that the three worst consequences were: loss of sensitive data, loss of business and downtime.

Securing identities: a new priority in 2023

Among its main conclusions, it is also worth noting that for the Spanish cybersecurity managers surveyed, the TOP 3 security priorities for the next 18 months are: more security controls, greater integration in the cloud and in IAM. Similarly, hopefully, many organizations are eager to make a change, especially when it comes to protecting identities. In fact, the Delinea study concludes that 90% of those surveyed state that their organization recognizes the importance of identity security in order to achieve their business objectives and, specifically, 87% state that identity security will be a priority in the next 12 months. But at the same time, three-quarters (75%) of IT and security leaders also believe they won't be able to protect privileged identities because they won't get the support they need. This is largely due to budget and executive misalignment, with 63% of respondents saying their company leaders still don't understand the role identity security plays in enabling better business.

The lack of policies endangers the identities of the machines

Research carried out by Delinea reveals that, despite good intentions, companies have a long way to go to protect identities and privileged access. Less than half of the organizations surveyed have implemented ongoing security policies and processes for managing privileged access, such as password rotation or approval, time-based or context-based security, or monitoring of privileged behavior, such as recording and recording. audit. Of even more concern is that more than half (52%) of all respondents allow privileged users to access sensitive systems and data without the need for multi-factor authentication (MFA).

The report brings to light another dangerous discovered in organizations. Privileged identities include humans, such as local and domain administrators, as well as non-humans, such as service accounts, application accounts, code, and other types of machine identities that automatically connect and share privileged information. Yet only 44% of organizations manage and protect machine identities, while most leave them exposed and vulnerable to attack.

Source:

  • Domínguez, ML. (2022). El 60% de los responsables de ciberseguridad no pueden cumplir con su estrategia. Retrieved from: https://cybersecuritynews.es/el-60-de-los-responsables-de-ciberseguridad-no-pueden-cumplir-con-su-estrategia/

Authored by

Jorge Daniel Tejeda