The WannaCry ransomware attack in May 2017 crippled the UK’s National Health Service (NHS) and disrupted a range of organizations across 150 countries. Despite being a relatively unsophisticated attack, WannaCry was able to make such a global impact due to preventable vulnerabilities that had largely gone unaddressed. There were many more attacks in 2017, including high-profile breaches at Uber and Equifax, where heeding cyber-security recommendations may have reduced the impact and fallout.
The scale and sophistication of cyber-attacks is not slowing down – ranging from phishing scams to cryptocurrency-based cyber-attacks, to statesponsored attacks on industrial control systems. These attacks present an ever growing challenge and serve as a reminder that organizations cannot afford to be complacent in the face of cyber threats. We’re living in a time when cyberattacks are a matter of when, not if, and security professionals must focus on mitigating their extent and damage.
Our 2018 research results confirm that security professionals are aware that a breach is only a matter of time, with 50% of respondents having already suffered a serious breach or expecting to experience one within the next six months (up from 42% last year). Privileged Access Threat Report 2018 With many of these breaches linked to the misuse of insider (62%) or third-party (66%) privileged credentials, it’s clear that although organizations understand the risks, they aren’t successfully addressing how they manage privileged credentials to protect their critical assets and systems.