Privileged Credential Abuse: New Study Reveals Paradox of Awareness vs. Inaction

New study by Centrify reveals privileged credential abuse is involved in 74 percent of data breaches, yet over half of organizations are not taking basic steps to prevent It

Centrify, the provider of cloud-ready Zero Trust Privilege to secure modern enterprises, has just published a new survey on the subject of Privileged Access Management (PAM) practices and solutions. The findings are startling. The survey of 1,000 IT decision makers in the US and UK found that, of those whose organizations have experienced a breach, 74 percent acknowledged it involved access to a privileged account. Yet, more than half of these organizations are not taking adequate steps to mitigate this risk:

  • 52 percent of respondents do not have a password vault
  • 65 percent are still sharing root or privileged access to systems and data at least somewhat often
  • 63 percent indicate their companies usually take more than one day to shut off privileged access for employees who leave the company
  • 21 percent still have not implemented Multi-Factor Authentication (MFA) for privileged administrative access

Andy Smith, VP of product marketing at Centrify

What’s going on here? Why would experienced executives not implement countermeasures for such a serious threat? According to Andy Smith, VP of product marketing at Centrify, money is one of the main factors behind this apparent lapse in security. “The investment focus has been on malware in many companies,” Smith explained. “Malware is important, of course, but there has to be a more productive internal dialogue about privileged credential abuse if we are going to see improvements in this critical risk.”

Business are also more interested in revenue-facing initiatives like digital transformation than comparatively dull efforts like PAM. However, according to Centrify, IT practitioners may want to consider that critical and fundamental security controls such as PAM are enablers for Digital Transformation. Indeed, Gartner predicted Privileged Access Management to be the second-fastest growing information security technology in 2019, after being a Top 10 security project for 2018 and again in 2019.

Another difficulty in implementing PAM arises from the massive increase in attack surface area that occurs with the advent of public cloud computing, containers and microservices. With these new modes of IT, security teams must now stay on top of privileged access credentials for thousands of machines. Tim Steinkopf, CEO of Centrify, observed, “Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices, but is extended to cloud environments, Big Data, DevOps, containers and more.”

The Centrify survey found that respondents are not controlling privileged access to these modern use cases, including:

  • 45 percent are not securing public and private cloud workloads with privileged access controls
  • 58 percent are not securing Big Data projects with privileged access controls
  • 68 percent are not securing network devices like hubs, switches and routers with privileged access controls
  • 72 percent are not securing containers with privileged access controls

Without automated, easy-to-manage PAM solutions, it is effectively impossible to defend against privileged credential abuse. Centrify is addressing this challenge by redefining legacy approaches to PAM with cloud-ready Zero Trust Privilege.


Photo Credit: dejankrsmanovic Flickr via Compfight cc