Compromised credentials still the culprit in many data breaches

Survey finds access management is a problem in the cloud, companies need to improve perimeter security

Despite using various cybersecurity defenses to protect against new exposures from cloud and mobile vectors, organizations are still reporting data breaches, including many caused by compromised credentials.

The findings are part of Cloud Security Alliance’s Identity Security Survey Report for which the nonprofit trade group polled 325 managers, C-level executives and staffers in the technology, financial, education, manufacturing and other industries.

The survey also showed that there was no significant difference in security solutions used by respondents who reported a breach and those who didn’t report a breach or didn’t know if one occurred.

John Yeoh, Cloud Security Alliance senior research analyst

“We were happy to find that many respondents had multiple security solutions in place,” says John Yeoh, a senior research analyst at CSA, which aims to raise awareness of best practices to ensure a secure cloud computing environment.

Yeoh says that rising implementation of cyber incident response and recovery plans appears to be having a broad meritorious effect. Companies appear to be detecting and deflecting attacks—as well as identifying and curtailing successful intruders—more readily.

“Many organizations are preparing for not just if they are breached, but when they are breached,” Yeoh says.

Even so, attackers continue to enjoy a high success rate, and do seem to have preferred techniques. About one of every five respondents said their organization had a data breach, and nearly 22 percent of those who reported a breach said it was caused by compromised credentials.

Three-quarters of survey respondents were from North and South America, 13 percent from Europe, the Middle East and Africa, and 12 percent from Asia, Australia and the Pacific Islands. Thirty percent of respondents worked for companies with one to 1,000 employees, and 24 percent of respondents worked for companies employing more than 50,000 workers.

Chris Webber, Centrify security strategist

Chris Webber, a security strategist for Centrify, which sponsored the study, says he actually expected a higher percentage of breaches from stolen credentials.

“I was most surprised that we didn’t see more correlation between data breach and compromised credentials,” says Webber, whose California company secures enterprise identities against cyber threats and is a CSA member.

Compromised credentials a concern

Webber points out that Verizon’s 2015 Data Breach Investigations Report attributed nearly 50 percent of breaches to compromised credentials, and forensic firm Mandiant has said that 100 percent of the cases they investigate can be traced to stolen credentials.

There are many ways credentials can be compromised, Yeoh notes, including malware attacks, phishing and spear phishing schemes, and re-use of passwords on third-party sites.

The new cloud landscape exacerbates this exposure by adding to the complexity and creating more options for more people to access company data.

Cloud solutions “continue to be adopted at a rapid rate,” according to the survey’s executive summary, “as cloud service providers offer flexible computing and storage needs, easier collaboration with internal users and customers, added security features and more.” This enables organizations “to focus on their core business functions.”

That’s the bright side of cloud and mobile computing. However, assuring the security of sensitive business data is becoming a heightened concern “as the cost of a data breach is greater than ever,” the summary says. “In addition to the value of the data lost, company reputation, legal action, financial penalties and jobs are at stake. Thinking outside the traditional security perimeter is necessary to protect information from the growing list of threats.”

Changing the perimeter paradigm

Fewer than 2 percent of respondents indicated they don’t know, or don’t use, any perimeter-based security solutions. Antivirus, email spam filter, VPN (virtual private network) and next-generation firewall were used by more than 70 percent of respondents.

“While I am very glad to see so many respondents invested in securing their business, I still see a strong percentage of businesses relying on their legacy perimeter security systems,” Webber says. “In today’s increasingly cloud and mobile world, the ‘perimeter paradigm’ has to change. Over time, I’m sure we’ll see more businesses deploying security solutions that protect data outside the firewall—across resources, devices and users.”

Companies with under 1,000 employees were less likely to have MDM/EMM (mobile device management/enterprise mobile management), next-generation firewalls, VPN and WAF (web application firewall) than their larger counterparts. “The cost of additional services may play a factor in adoption with smaller companies,” according to the survey report.

The survey also found that companies “embracing big data solutions” also consistently adopted more perimeter and identity security solutions. Only 22 percent of security professionals surveyed, though, said they use big data solutions.

Companies with more than 50,000 employees were more likely to use a big data solution than companies with 5,000 or fewer workers. And companies in North and South America were more likely to use such a solution than their counterparts in Europe, the Middle East and Africa.

Big data solutions will get bigger

“Big data solutions are quite popular and will continue to grow, but some companies aren’t yet in the business of data analytics,” Webber says.

Yeoh says he expected a higher percentage of respondents would be using big data solutions because of “the massive amounts of data being moved through the cloud.

“Traditional methods for collecting and analyzing data cannot process larger amounts of information sufficiently,” he says. “We expect to see this percentage of solutions for big data to grow rapidly in the future, especially as companies continue to adopt cloud services. The ability to properly utilize vast amounts of data from multiple sources quickly and efficiently should be a priority for a business.”

Companies often “embrace privileged access management,” the survey report says, but are “much less likely” to use other options such as shared account password management, superuser password management, privileged session management, and privileged session recording and monitoring.

Larger companies with more than 50,000 employees were more likely to use each of these controls than companies with fewer than 30,000 employees. In companies that implement privileged access management solutions to protect private users, 76 percent extended them to outsourced IT, vendors and other third parties, the survey found.
