‘Attackers will always find a way past the perimeter’, but top execs still woefully ill-prepared to mitigate hacking attacks, study finds

PUBLISHED : Thursday, 01 October, 2015, 7:45am
UPDATED : Thursday, 01 October, 2015, 7:45am

Top executives and IT professionals are naïve when it comes to the risk of cyber attacks, with almost half living under the mistaken belief they can fully protect their networks from hackers, according to a global security survey.

C-suite executives lack sufficient understanding of cyber attacks, with 44 per cent of business leaders believing it is possible to keep hackers out of their network, according to the 9th Annual Global Threat Landscape Survey by CyberArk, which was released on Wednesday. 

READ MORE: Taiwan launches hackathon to help make itself an impregnable fortress against cyber criminals from China as attacks proliferate

A further 25 per cent of respondents believed it was possible to detect intruders within hours when in reality it can take 200 days to uncover threats, the report found.

“Protecting against cyber attacks isn’t just about protecting data, it’s also about protecting the ability to continue conducting business as usual,” said Jack Poon, regional director for Greater China of CyberArk Software. 

“CEOs and other executives must become more engaged in security decisions.”

CyberArk’s survey found that 61 per cent of respondents reported that a “privileged account takeover” was the most difficult form of cyber attack to guard against, up from 44 per cent in 2014. 

READ MORE: Xi and Obama agree on cybercrime cooperation meetings as threat of sanctions of alleged theft of trade secrets looms

These attacks can take over a network or steal huge amounts of data, and were the same kind that caused massive data breaches at Sony Pictures and the US Office of Personnel Management last year. 

The OPM attack saw the personal information of 19.7 million federal employees who applied for background checks stolen from its networks.

CyberArk’s Poon said companies must implement security controls such as patching, regular system updates and tightened controls over privileged accounts to reduce their exposure to hackers.

Instead of taking full responsibility for a company’s cybersecurity, 48 per cent of respondents laid the blame on employee habits, while 29 per cent pointed to the increasingly sophisticated nature of the attacks.

READ MORE: Hackers threaten to take down websites of Hong Kong banks unless they pay bitcoin ransoms

“Attackers will always find a way past the perimeter,” Poon said. 

“Security strategies must assume this and focus on limiting attacker movement once they infect an endpoint or trick an employee into clicking a malicious link.”