Around half of US respondents to a small ThycoticCentrify poll indicate either that privileged credentials were stolen from their organisation or that they experienced insider attacks in the past 12 months.
ThycoticCentrify’s CensusWide survey polled 150 US-based IT decision makers on questions around common access privilege threats and zero-trust adoption.
“In 85% of the privileged credential theft instances, cybercriminals were able to access critical systems or data. In addition, two-thirds of insider threats led to the use of administrative privileges to illegitimately access critical systems or data,” ThycoticCentrify’s Kali Linette wrote in a post on the company’s blog.
Around half of respondents also said they had suffered a data breach due to “giving an employee or contractor too much access” in the past 12 months, according to Linette.
IT administrators were most commonly targeted, with engineers, developers and the C-suite next, Linette said.
However, at the same time about three-quarters of respondents also indicated taking a zero trust approach to cybersecurity.
Most respondents had incorporated a privileged access management (PAM) tool into their security infrastructure, with the majority supporting a zero trust approach for verifying privileged users, Linette said.
Access and identification management vendor ThycoticCentrify has just announced a boost to service account governance in Thycotic Account Lifecycle Manager via integrations with cloud vaults including AWS Secrets Manager and Azure Key Vault.
Jai Dargan, vice president of product management at ThycoticCentrify, noted that privileged service accounts automatically connect business-critical applications, databases, root accounts, and other IT systems that contain sensitive information.
“Enterprises need usable security solutions with central oversight and consistent policies that are easy for teams that manage cloud platforms, applications, and devops tools to adopt,” Dargan said in the press announcement.
“Cloud-based service accounts are among the most challenging to govern because they can be commissioned by teams other than central IT.”