Businesses Come Up Short on Privileged Account Security | eWeek

Businesses Lacking on Privileged Account Security: Report

it security and pam
Écrit par
Nathan Eddy
Nathan Eddy
Jul 22, 2016
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

There appear to be major shortcomings in the current state of privileged credential password and access security among organizations worldwide, according to a Thycotic survey of more than 500 IT professionals worldwide conducted by Cybersecurity Ventures, a research and market intelligence firm.

The survey, which also offered up recommendations for ways to address the most common failures in privileged account management (PAM), indicated many organizations do not treat privilege account security different from standard accounts, with 20 percent of respondents failing to change default passwords.

In addition, 30 percent allow sharing of passwords, and 70 percent do not require any level of approval, likely contributing to privilege sprawl.

What is even more disconcerting is that half of respondents do not audit these activities, suggesting that when one account gets compromised, it is possible privilege escalation can occur quickly.

Among the other surprising findings was the gap between the 80 percent of respondents that see it as a high priority and the 60 percent of organizations that are required to manage privilege accounts.

However, just 10 percent of organizations have actually implemented a commercial dedicated solution, indicating many companies are still doing this manually.

“Privileged accounts are pervasive and act as the ‘keys to the IT kingdom,’ providing complete access to, and control of, all parts of IT infrastructure and critical business data,” Steve Kahan, vice president of Thycotic, told eWEEK. “In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization’s IT infrastructures, steal confidential information and commit financial fraud.”

Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database and application.

“Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber-attacks,” Kahan said. “The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces.”

Kahan noted businesses are just beginning to adapt their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached.

“They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage,” he said.

He also noted regulators are also continuing to mandate rigorous new compliance standards and audit requirements in response to this evolving threat landscape.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.