Despite devastating cyber attacks reported almost daily in the media, our recent survey suggests that the public only finds out about a small portion of security breaches.
According to the survey, 87% of IT professionals believe large financial hacks are happening more often than reported. And they’re happening right under the watchful eyes of security auditors.
That IT professionals think data breaches occur more frequently than reported is revealing. With zero-day threats and other advanced cyber attacks, intruders are likely already within many IT environments, are undetectable, and have access to credentials on every compromised machine. The IT professionals queried for this survey are understandably more aware of this situation than anyone else in an organization.
Most Companies Persistently Targeted by Cyber Attacks
Just as dire, though, is that slightly more than half (51%) of surveyed IT professionals believe their corporate networks are targets of hackers.
18% of respondents said there is no way to know how often hackers target their networks. 17% believe that the frequency of attacks is daily, while 14% put the number at hourly.
Meanwhile, 71% of respondents expect to see an Advanced Persistent Threat (APT) attempt to breach their organizations within the next six months.
Plan for Cyber Attacks to Occur
So, what can we take away from this survey? For one, there’s a clear lack of visibility among executives into the inabilities of IT to manage cyber risk and mitigate consequences. Not that the blame necessarily lies with IT.
If 87% of IT professionals across multiple industries and regions are seeing unreported data breaches, then senior management is not building resiliency into their business operations when it comes to IT.
These organizations should start by accepting the fact that cyber attacks will occur and they will be successful – just as the respondents of this survey anticipate.
The common methods of cyber attack, including the land and expand vector, depend on intruders moving around the network via stolen credentials. To combat this attack, companies must change the way they use privileged identities from the IT perspective. This means removing the use of domain admin accounts and eliminating local administrator rights on user’s machines.
Only through the automation of privileged identities of all types, and the enforcement of just enough access (JEA) and just in time privilege (JIT), is the firestorm of attacks quelled for most companies.
The situation certainly won’t improve on its own. Automation of cyber attacks and the use of zero days are increasing. Meanwhile, the lack of investment within IT security (training, new products, qualified personnel, etc.) as well as continued use of lowest cost outsourced IT, will raise the frequency of attacks – and their consequences.
About the IT Professional Survey
The survey was conducted among nearly 150 IT professionals attending Microsoft Ignite 2015.