The vast majority (87 percent) of IT professionals believe large financial hacks are happening more often than reported, and right under the nose of security auditors, according to a survey of nearly 150 IT professionals conducted by Lieberman Software.
Meanwhile, 71 percent of respondents think that an advanced persistent threat (APT) attack will attempt to breach their organization in the next six months.
“There is a clear lack of visibility of the CEO and board of directors to the weaknesses and the inability of IT to manage risk and mitigate consequences to known outcomes,” Philip Lieberman, president of Lieberman Software, told eWEEK. “From a leadership point of view, many … companies and government agencies [are being run] with a ticking time bomb and no ability to stop it or reduce the consequences of a breach. Not all of the blame lies with IT, but senior leadership of companies [is] not building in resiliency into their business operations when it comes to IT.”
The study also found that IT professionals (89 percent) believe the recently announced U.S. federal government cyber-security sanctions provide a deterrent to cyber-criminals.
“IT can build and operate workstations, servers and the cloud in a manner that service can be restored quickly. The common attack as well as the land and expand methods of intruders depend on moving within the network via stolen credentials,” Lieberman said. “To minimize this consequence, companies must change the way they use privileged identities from the IT perspective—no use of domain admin accounts—and the removal of users having local administrator rights on their own machines.”
He said these changes and the hygienic operation of identity management are keys to minimization of consequences.
“Further automation of attackers and the increased use of zero days and unpatched vulnerabilities are increasing. The lack of investment within internal IT security as well as continued use of lowest cost outsourced IT will raise the frequency of these attacks and their consequences,” Lieberman said. “There is an evolution of a new class of managed security services vendors that should find great success in cleaning up and running previously uncontrolled and infected environments, but unfortunately, most will be after the damage has been done to the organizations.”
He said his company believes that only through the automation of privileged identities of all types and the enforcement of only just enough privilege (JEA) and just in time privilege (JIT) will the firestorm of attacks be quelled for most companies.
“These techniques and technologies are readily available from many vendors and can be implemented at no cost, but they do require fundamental changes in the processes used by companies and government agencies,” he explained.
Almost 30 percent of those polled are not confident that their IT security staff can detect a cyber-attack attempting to breach their network, and nearly half (49 percent) of respondents believe that external cyber-attacks pose the bigger risk to their network, versus 35 percent who think that insiders are the larger risk.
