Hyland 160x1200

Hyland 160x1200

Hyland 705x108

Friday, 12 August 2022 18:06

Security pros 'running to keep up': Delinea research

By Delinea

GUEST RESEARCH: Research from leading provider of privileged access management (PAM) solutions Delinea highlights that 60% of IT security decision makers are held back from delivering on IT security strategy.

 Delinea, a leading provider of PAM solutions for seamless security, today announced findings from a global survey of 2,100 IT Security Decision Makers (ITSDMs) which reveals that 60% of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), treading water (13%), or merely running to keep up (27%).

Conducted in more than 20 countries – including Australia, New Zealand, Singapore and Malaysia – the research polled attitudes towards identity security and the protection of privileged identities.

The results are from an online survey Sapio Research fielded on behalf of Delinea during June 2022. 2,100 IT and security professionals in 23 countries responded, representing a cross-section of decision makers.

The report also highlights differences between the perceived and actual effectiveness of security strategies. While 40% of global respondents believe they have the right strategy in place, 84% of organisations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.

In Australia and New Zealand only 33% of respondents believe they have the right strategy in place, with 96% having experienced a breach or attack. In Singapore and Malaysia, on the other hand, 47% believe they have the right strategy in place, even though 88% had experienced a breach or attack.

Promisingly, many organisations are hungry to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents state that their organisations fully recognise the importance of identity security in enabling them to achieve their business goals, and 87% say that it is one of the most important security priorities for the next 12 months.

However, three quarters (75%) of IT and security professionals also believe that they'll fall short of protecting privileged identities because they won't get the support they need. This is largely due to a lack of budget and executive alignment, with 63% of global respondents saying that their company's board still doesn't fully understand identity security and the role it plays in enabling better business operations. In Australia and New Zealand, 81% say their board doesn't fully understand identity security; in Singapore and Malaysia, the proportion is 70%.

"While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks," said Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

"This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them."

The research reveals that, despite good intentions, companies have a long way to go to protect privileged identities and access. Less than half of the organisations surveyed have implemented ongoing security policies and processes for privileged access management, such as password rotation or approvals, time-based or context-based security, or privileged behaviour monitoring such as recording and auditing. Even more worryingly, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without requiring multi-factor authentication (MFA).

The report brings to light another dangerous oversight. Privileged identities include humans, such as domain and local administrators, as well as non-humans, such as service accounts, application accounts, code, and other types of machine identities that connect and share privileged information automatically. However, only 44% of organisations manage and secure machine identities, while the majority leave them exposed and vulnerable to attack.

Carson added, “Cyber criminals look for the weakest link and overlooking 'non-human' identities - particularly when these are growing at a faster pace than human users – greatly increases the risk of privilege-based identity attacks. When attackers target machine and application identities they can easily hide, moving around the network to determine the best place to strike and cause the most damage. Organisations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT 'superuser' accounts which, if compromised, could bring the entire business to a halt.

For more information, insights and guidance, download a complimentary copy of the full report at: https://delinea.com/resources

Read 1573 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News