Half of U.S. companies hit with privileged credential theft, insider threats in last year

ThycoticCentrify, a provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, announced new research that reveals more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months. In 85% of the privileged credential theft instances, cybercriminals were able to access critical systems and/or data. In addition, two-thirds (66%) of insider threats led to abuse of administrative privileges to illegitimately access critical systems and/or data.

The research, commissioned by ThycoticCentrify with CensusWide, surveyed 150 IT decision makers across the U.S. on the most common privileged access risks and Zero Trust adoption trends. In addition to external and malicious insider threat attacks, the study found that nearly half (48%) of organizations experienced a data breach as a result of giving an employee or contractor too much access in the last year.

Based on these compromise patterns, it is not surprising that 65% of respondent companies saw their IT administrators targeted most frequently by cybercriminals, followed by engineers and developers (21%) and the C-suite (19%).

“IT administrators hold the keys to the most sensitive and mission-critical parts of the kingdom, and both internal and external attackers are taking full advantage,” said David McNeely, chief technology officer at ThycoticCentrify. “Abusing access to these systems can lead to full-scale breaches that grab headlines and impact trust in the organization. While there is no single solution that can eliminate every one of these risk factors, adopting Zero Trust principles is an excellent start.”

Zero Trust mandates a “never trust, always verify, enforce least privilege” approach to cybersecurity, whether the threat is coming from inside or outside the network. Promisingly, nearly all respondents are somewhat familiar (33%) or very familiar (62%) with the term, especially as it relates to identity and access management (IAM).

The survey found an impressive 77% currently utilize a Zero Trust approach in their cybersecurity strategy, possibly attributed to the frequent attacks on IT. In fact, 42% listed reducing cyberthreats as the top motivator for adoption, followed by better compliance (30%), reducing privileged access abuse, and inspecting and logging traffic/access requests (both 14%). Common barriers for adoption include complicated or inadequate security solutions (57%), fear of disrupting user experience (43%), budget (38%), and staffing resources (30%).

“There are many on-ramps to Zero Trust. But with privileged identities playing such a key role in most data breaches, it makes sense to begin that journey with a modern PAM solution built around a least privilege model of access control,” said Tony Goulding, cybersecurity evangelist at ThycoticCentrify.

A large majority of respondents (83%) have incorporated a privileged access management (PAM) tool into their security infrastructure, and 89% of those PAM services support a Zero Trust approach to verify privileged users.

Complete results of the survey are available at https://charts.censuswide.com/CW7930/CW7930_VIbox.html. For more information about ThycoticCentrify solutions for managing privileged access, visit www.centrify.com.

*The survey of 150 IT decision makers across the U.S. was conducted by CensusWide in May 2021.

Situational awareness should be at the forefront of your security program. It can mean the difference between life and death in a workplace emergency.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.