Thycotic’s annual Black Hat Survey Report captures the opinions of hackers at the Black Hat Conference. Celebrating its 20th anniversary this year, the event is a hub for security experts and hackers – and a valuable source of intelligence on today’s biggest threats and how businesses can defend themselves.
Last year, the survey report revealed that 75% of respondents believed no password was safe from hackers or the government, and explored key motivations for a breach.
This year, the report delves further into the reasons that accessing privileged accounts remains hackers’ preferred type of attack – and a significant problem for businesses of all sizes.
Fundamentally, the traditional security measures that organisations have invested in aren’t up to the job of protecting privileged accounts. According to 73% of hackers, traditional firewalls and antivirus are obsolete.
Of course, this is an extreme view. Part of the reason that perimeter breaches and conventional viruses are no longer a focus for attackers is that perimeter protection works. However, when one window of opportunity closes, hackers focus their attention elsewhere.
Today, that’s privileged accounts. 32% of hackers say accessing privileged accounts is the easiest and fastest way to get sensitive data. Meanwhile, insider threats that come from within your network render whatever you’re doing at the perimeter irrelevant.
The failings of traditional security are a serious issue, but they’re compounded by the failings of busy, distracted people within an organisation. The Black Hat Survey Report 2017 reveals that 80% of hackers say humans are the most responsible for security breaches, through phishing and targeted scams.
The human weakness in your Privileged Account Management is partly caused by a lack of training and awareness around proper password security. However, with so many high-profile news stories about insider threats, escalated privileges, and devastating consequences, awareness is at an all-time high. It seems that educating your users isn’t enough.
According to the hackers, the number one source of cyber fatigue is remembering and changing passwords. While people understand what best practice security looks like, enforced password complexity and rotation become an obstacle to productivity. In an attempt to simply do their jobs, people record passwords in spreadsheets or resort to weak, easy-to-guess strings.
More than ever before, Privileged Account Management requires a careful balance between security and productivity.
In the full survey report, find out:
Download the Black Hat 2017: Hacker Survey Report now to find out what your potential attackers are really thinking – and what you can do to make their lives harder.