CyberArk Makes Security Predictions for 2015
For Immediate Release
CyberArk Makes Security
Predictions for 2015
Singapore. January 23, 2015 – CyberArk (NASDAQ: CYBR), the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today outlined its security predictions for 2015.
•Sony is not an
anomaly
In terms that Sony is being called out for
in terms of poor security are very common across
enterprises. The prevalence of poor password policies is
mindboggling – CyberArk sees this all the time when we
meet with prospective customers at large Global 2000
enterprises. Unknown/undiscovered service accounts,
privileged passwords that have not been changed in as many
as 25 years! Exploitation of privileges allowing attackers
undiscovered on a network for months/years.
•Reign
of the insider threat
The insider threat is expected
to take centre stage, with greater sophistication, in the
security landscape in 2015 as they have proven to be the
quickest way to breach networks and steal data. Rogue
employees today not alone collaborate with external
cybercriminals and are armed with sophisticated
technologies. Organisations will start to be more aware that
insider threats cost more than being breached by an external
attacker, and continue to invest more in behaviour
indicators and classifying data and monitoring access.
•The Kevin Bacon effect of Remote Access
The
‘six degrees’ that separate attackers from your IP /
data often include a vendor with access to your systems or
other remote access. Threat investigators have traced
attacks to non-traditional targets such trucking companies
and all types of professional services firms, from
management consultants and auditors to litigation attorneys,
frequently as a key step in an attack on a business partner.
Our research shows 60 per cent of businesses now allow
third-party vendors remote access to their internal
networks. Of this group, 58 per cent of organisations have
no confidence that third-party vendors are securing and
monitoring privileged access to their network
•The
Internet of Things (IoT) in enterprises
In 2015,
enterprises will start to adopt devices that communicate
with each other, giving rise to the Internet of Things
(IoT). According to Gartner, 4.9 billion connected things
will be in use next year, an increase of 30 per cent from
2014. Security issues surround IoT will also gain traction
due to the fact that these devices are not inherently secure
which could potentially lead to device hacks or data
leakages. Organisations will increasingly be concerned with
who manages and operates these devices, and technology
approaches to manage the security and risk of IoT.
•The emergence of more severe banking threats
Malware targeting the banking industry is expected
to be more advanced in 2015. Other than the usual phishing
and social engineering attacks, banking malware used by
cybercriminals are expected to be stealthier, being able to
hide on networks, targeting privileged accounts. They will
also have capabilities such as being able to steal users'
credentials, along with harvesting data to send back to
command-and-control systems used by cybercriminals. This
will prompt enterprises to invest is safeguarding and
restricting access to data on networks.
•Healthcare
industry gains popularity among cybercriminals
The
healthcare industry will be a key target of cyber attackers
in 2015. A report by BitSight Technologies has already found
that the healthcare and pharmaceutical industry ranks the
lowest in terms of security performance compared to the
finance, utility and retail sectors. Such data has a longer
shelf life and are therefore more valuable than users'
financial data which are likely to change over time. We
expect to see campaigns targeting patients' records in the
healthcare industry. With IoT gaining traction among
organisations, there could potentially be security breaches
of medical devices such as pacemakers.
•Data
protection laws in full force
While legal frameworks
have started to be firmer, 2015 will see more rapid
developments surrounding data protection law. This will put
added pressure on organisations in the region to secure the
data of customers. This includes coming up to internal data
protection strategies such as having privileged and
restricted access to more sensitive customer data.
•Social media, tools as a threat frontier
Social media, along with collaborative and social
tools such as Google Docs have gained traction in recent
years and the trend is expected to continue into 2015.
However, social media and tools are set to be the next
threat vector for enterprises. Many organisations have
corporate social media pages but do not have the same
vigilance level when it comes to security, as compared to
sensitive corporate data. Social media accounts are
effectively poster children for the vulnerabilities
associated with shared privileged accounts. Hackers and
malicious insiders will target the passwords for these
accounts, which are easy to crack and are shared among
teams.
•Cloud adoption drives privileged account
security
Organisations have turned to cloud
computing and mobile devices to stay competitive as well as
increase the productivity of employees in recent years. As
the use of cloud continues to grow in enterprises in the
year ahead, SaaS, PaaS and IaaS will lead to an explosion of
privileged accounts due to its presence of third-party
vendors on internal networks. Organisations will look to
enhance security of privileged accounts with more
capabilities such as context-aware access controls and
automatic credential management.
About CyberArk
CyberArk is the only security company focused on
eliminating the most advanced cyber threats; those that use
insider privileges to attack the heart of the enterprise.
Dedicated to stopping attacks before they stop business,
CyberArk proactively secures against cyber threats before
attacks can escalate and do irreparable damage. The company
is trusted by the world’s leading companies – including
more than 35 percent of the Fortune 100 and 17 of the
world’s top 20 banks – to protect their highest value
information assets, infrastructure and applications. A
global company, CyberArk is headquartered in Petach Tikvah,
Israel, with U.S. headquarters located in Newton, MA. The
company also has offices throughout EMEA and Asia-Pacific.
To learn more about CyberArk, visit www.cyberark.com, read the company blog,
http://www.cyberark.com/blog/, follow on
Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.