Ever since the pandemic hit, companies globally are trying to progress their digital capabilities and rapidly undertaking business transformation initiatives. Despite the revenue declines amid COVID-19, most of the organizations are increasing their cloud security and digital transformation budgets.
Recent analysis from security firm CyberArk revealed that 97% of senior-level security executives stated that cybercriminals are trying to steal one or more types of credentials. While organizations globally are increasing third-party access to corporate resources and moving their digital assets to the cloud for a sustained remote work model, opportunistic cybercriminals are catching up with the situation by increasing their cyberattacks on organizations’ cloud facilities. The analysis, “The CISO View 2021 Survey: Zero Trust and Privileged Access,” found that threat actors are targeting users and organizations that are not adequately protected.
The analysis revealed that security leaders are embracing the Zero Trust model for securing privileged access to the company’s critical data.
Key Findings
- The most widely reported group facing increased attacks is end-users – including business users with access to sensitive data. A majority of respondents (56%) report such users as being increasingly targeted by attackers.
- Attacks are also on the rise against senior leadership (48%), third-party vendors and contractors (39%), and DevOps and cloud engineers (33%).
- Widespread increases in credential theft attempts were reported for personal data (70%) and financial systems and data (66%). This is clear evidence of attackers’ interest in gaining high-value access – access to highly sensitive systems that are often held by end-users rather than administrators, for example.
What is a Zero Trust model?
Zero Trust is a security model that recommends a strict identity verification process in an organization. The model directs that only authorized devices and users can access the company’s critical data, applications, and services. First introduced in 2010 by security analyst John Kindervag at Forrester Research Inc., the Zero Trust model protects users against advanced threats online.
Embracing Zero Trust Model
The model has become a primary requirement for modern-day digital transformation and network security. Now, several security leaders implementing the Zero Trust model in their organizations to boost their enterprise systems and data security.
The analysis found:
- Nearly, 88% of respondents said adopting more of a Zero Trust approach is very important or important.
- To implement a Zero Trust model, the top priority was controls focusing on Identity and Access Management (IAM), chosen by 45% of respondents.
- Several types of IAM controls were favored to protect access to sensitive systems. Just-in-time access controls were highly valued, with 87% of respondents saying reducing standing privileges is an important or very important aspect of Zero Trust.
- Endpoint security remains an operational challenge for 94% of respondents – 46% said that installing and maintaining agents made endpoint security challenges.
- Over 86% said user experience optimization is important or very important, highlighting a need for security tools and policies that will not be bypassed or ignored due to security fatigue.
Cybersecurity experts say…
Commenting on the Zero Trust model approach, Mike O’Malley, Senior Vice President, CyberArk, said, “Reverberations from the SolarWinds attack continue to underscore the need to protect privileged credentials and break the attack chain to organizations’ most valuable assets. As new identities multiply across the enterprise, this survey emphasizes the importance of a Zero Trust-based approach to Identity Security. For security leaders seeking to mitigate the risks of spear-phishing, impersonation attacks, and other forms of compromise, we believe the peer experiences captured in the CISO View reports will serve as an invaluable tool, no matter where their organization is on the Zero Trust maturity curve.”
