be-nz logo
Story image

Hackers speak: Privileged accounts best way to steal data

25 Aug 2017

From the mouths of the hackers themselves, organisations’ privileged accounts are the most attractive targets for gaining access to critical data.

Those are the results from Thycotic’s 2017 Black Hat survey, which quizzed more than 250 hackers on their methods of extracting critical data.

32% of hackers said that privileged account access was the primary way to get access to critical data, while 27% said email was the easiest way.

"Given that privileged accounts are prime targets for hackers, IT professionals should consider the opinions of the hackers themselves when it comes to protecting privileged accounts," comments Thychotic’s chief security scientist, Joseph Carson.

73% of hackers also said that perimeter security methods such as firewalls and antivirus products are now irrelevant or obsolete. They no longer provide effective barriers to getting inside networks.

Threat intelligence solutions, reputation feeds and education are also the weakest forms of security protection, according to the hackers.

Instead, 32% said multifactor authentication and 32% said encryption were the biggest obstacles facing hackers today.

"In today's connected world, organisations can no longer rely only on the traditional cybersecurity perimeter controls. The new cybersecurity perimeter must incorporate an identity firewall built around employee and data using Identity and Access Management technology controls which emphasizes the protection of privileged account credentials and enhancing user passwords across the enterprise with multi-factor authentication,” Carson continues.

85% of hackers said people were the primary sources of blame for security breaches, even more than inadequate security and unpatched software.

35% said that changing passwords and remembering new ones was a major source of cybersecurity fatigue.

"With traditional perimeter security technologies considered largely irrelevant, hackers are focusing more on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities allowing the hacker to gain access abusing trusted identities," Carson explains.

"More than ever, it is critical for businesses to mitigate these risks by implementing the right technologies and process to ward off unsuspecting attacks and access to sensitive data."

Last month, Thycotic conducted its first annual State of Cybersecurity Metrics Report. Out of 400 respondents, 58% of organisations scored an ‘F’ or ‘D’ grade in terms of how they measure their cybersecurity investments and performance against best practices.

One in three organisations invested in cybersecurity solutions with no way to measure effectiveness or value.

"It's really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices," Carson notes.

"At a time when threats are escalating and the need for quantifiable metrics are putting security teams and executives under pressure, the 2017 State of Cybersecurity Metrics Report reveals what is actually occurring so that companies can produce assurances, remedy their errors and protect their businesses,” he concludes.

Story image
Firms that use social as a 'megaphone' miss out on transformation - Hootsuite
Organisations often limit social to the marketing department, but instead it should be connected into the ‘lifeblood and workflow’.More
Story image
Aruba unveils channel award winners + SMB and partner strategies
"We remain fully committed to delivering products, programs and services that support their business goals and helping partners grow their opportunities."More
Story image
NZX CIO David Godfrey to resign by year's end
"David has been in the business for more than a decade, and has been a great contributor over that time - including through the challenges we faced this year due to COVID and the more recent cyber attacks where he has shown wonderful calmness and support of his teams.”More
Story image
Christchurch-based startup hits its stride with $600K seed funding
“We’re on a mission to give people back their time so they can spend it on things that matter, such as growing their businesses. Thanks to this investment round, we're going to be able to accomplish our mission much faster.”More
Story image
AWS launches new edge location in New Zealand
“The launch of our first AWS edge location in New Zealand demonstrates AWS’s commitment to helping local customers innovate and build, increase productivity, expand into new markets, and enhance the nation's digital infrastructure."More
Story image
Adobe releases 'Liquid Mode' to make PDFs more mobile-friendly
Adobe has a vision for the digital document, and it goes beyond large desktop or notebook screens to encapsulate other modern ways of working, such as mobile devices.More