Report: Credential access is the biggest risk for ransomware attacks

We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!

Every major IT-related initiative – from enabling hybrid work to introducing new digital services for customers or citizens – results in more digital interactions between people, applications and processes. A new report from CyberArk highlights how the emergence of human and machine identities has led to an accumulation of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risks.

Recent organization-wide digital initiatives have come at the cost of accrued cybersecurity debt – driven by security investments that have failed to keep pace with organizations’ efforts to focus on driving business and growth. Seventy-nine percent agree that in the past 12 months, their organization has prioritized maintaining operations over ensuring robust cybersecurity.

This acceleration of digitization and the resulting proliferation of digital identities is creating a growing attack surface. More than 70% of organizations surveyed have experienced ransomware attacks in the past year. The report found that access to credentials was the highest risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%) .

The debt is compounded by the recent rise in geopolitical tensions, which have fueled the need for greater awareness of the physical impact of cyber-attacks, particularly on critical infrastructure. The report shows that 88% of energy and utilities companies have had a successful attack on the software supply chain.

Participants identified several new measures that their organizations have already introduced or plan to introduce to help reduce cybersecurity debt. The top three measures, each mentioned by 54% of respondents, are real-time monitoring and analytics to control all privileged session activities; least-privilege security / zero-trust principles on infrastructure running mission-critical applications; and processes to isolate mission-critical applications from Internet-connected devices to limit lateral movement.

The report represents the findings of a global survey conducted by Vanson Bourne of 1,750 IT security decision-makers, highlighting their experiences over the past year in supporting their organizations’ growing digital initiatives. Respondents were located in the US, UK, France, Germany, Japan, Italy, Spain, Brazil, Mexico, Israel, Singapore and Australia.

Read the full report by CyberArk.

The mission of VentureBeat is a digital city square for technical decision-makers to gain knowledge about transformative business technology and transactions. Learn more about membership.