Over the years, the automation and flexibility investments of organizations have increased. The risks but they grow, as there is in fact a lack of awareness of the existence of privileged credentials in DevOps, in RPA (robotic process automation) and in in cloud.
According to the CyberArk Global Advanced Threat Landscape report of 2019, fewer than 50% of organizations have access security strategy for DevOps, IoT, RPA and other technologies.
Preventing this lateral movement is one of the reasons for mapping the security investments of organizations. 28% of the total planned security costs over the next two years is centered on the cessation of privilege escalation and lateral movement.
Of the people who participated in the survey, 78% detected hacker attacks on the three biggest threats: organized crime, activists, privileged insiders. On the other hand, 60% of respondents reported as one of the greatest security risks Phishing and then ransomware and Shadow IT.
In practice, research has shown that while organizations regard privileged access security as a key component of an effective cybersecurity program, this understanding has not yet been translated into action to protect digital transformation technologies.
84% of organizations surveyed said IT and critical data would never be completely secure unless privileged accounts and credentials. However, only 49% has a security strategy to preserve them.
CyberArk's executive vice president of global business development, Adam Bosnian, said that more and more organizations are aware of the importance of its risks cyber kill chain and why lateral movement is critical to safety issues. He also said that this awareness is not enough and needs to be transformed into the implementation of preventative strategies to substantially reduce the risk.
Still research shows that 41% of organizations intends to pay fines for non-compliance with key regulations but will not change security policies even after successful cyberattack.
The survey also looked at the impact on organizations of important regulations. From this piece of research we see that 46% of organizations are fully prepared for a violation within 72 hours. 62% of respondents in Australia report that they were fully prepared to comply with the entire statute, which came into force in February of 2019. Finally, only 37% is ready to implement California Consumer Protection Law 2020.