Advertisment

Businesses plan defense strategies against retail breaches

author-image
Preeti Gaur
New Update
retail-breaches

68% of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most significant in terms of modifying security strategies to protect against the latest security threats

Advertisment

Compiled by Preeti Gaur

According to CyberArk’s survey across North America, Europe and the Asia-Pacific – 68% of businesses stated that the NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most significant in terms of modifying security strategies to protect against the latest security threats. Most organisations believe that attacks reaching the privileged account takeover stage are the most difficult to detect, respond to and remediate. Here are the key findings of the survey.

1. Snowden and Retail/PoS Breaches Influence Security Strategies the Most

Advertisment

Cyber-attacks or data breaches in the past year that had the biggest impact on the respondents’ security strategy:

37%—NSA/Edward Snowden breach

31%—The retail/PoS attacks

Advertisment

19%—Government-sponsored espionage

2. Third-Party Privileged Access Emerges as Critical Security Vulnerability

As companies move to the cloud and streamline the supply chain by providing routine network access to third-parties, cyber-attackers are increasingly targeting these partners to steal and exploit their privileged access to the target company’s network. This pathway was used in some of the most devastating breaches in the last 12 months.

Advertisment

The survey found:

60% of businesses now allow third-party vendors remote access to their internal networks

Of this group, 58% of organisations have no confidence that third-party vendors are securing and monitoring privileged access to their network

Advertisment

3. Attackers are on the Inside – Protect Your Privileges

Organisations continue to face sophisticated and determined attackers seeking to infiltrate networks. Many organisations face daily perimeter-oriented attacks, such as phishing, designed to give attackers a foothold to steal the privileged credentials of an employee to give them defacto insider status. The survey found:

52% of respondents believe that a cyber-attacker

is currently on their network, or has been in the

past year

Advertisment

44% believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate.

29% believe it is the malware implantation stage

4. Other trends that impacted security strategies

Advertisment

Survey respondents stated that the following trends were the most impactful in terms of shaping and changing their security strategies:

30% stated Bring Your Own Device (BYOD)

26% stated cloud computing

21% stated regulatory compliance

16% stated the Internet of Things (IoT)

5. Security analytics is the way to go when asked whether their organisation had or was considering deploying security analytics, this year’s survey found that:

31% of businesses have already deployed security analytics in some form

23% were planning on deploying security analytics in the next 12 months

33% had no plans to leverage security analytics

Loss of IP and competitive advantage, diminishing brand value, loss of customers and negative shareholder impact are just a few of the business impacts many organisations felt as a result of cyber-attacks this year. This year’s survey results demonstrate that whether it’s an insider like Edward Snowden, or an outside-based attack like the retail/PoS breaches, attackers require the exploitation of insider credentials to successfully execute their attacks,” remarked Adam Bosnian, executive vice president, CyberArk.

Source: CyberArk’s 8th Annual Global Advanced

Threat Landscape survey

breaches business
Advertisment