74% of Enterprise Breaches Involved Access to a Privileged Account

74% of Enterprise Breaches Involved Access to a Privileged Account

This morning, privileged access management solution provider Centrify released their latest survey, “Privileged Access Management in the Modern Threatscape.” Among its findings, Centrify discovered 74% of respondents whose enterprise suffered a breach said it involved a privileged account.

In the Privileged Access Management in the Modern Threatscape survey, Centrify polled 1,000 IT decision makers in the U.S. and the U.K. They revealed privileged credentials remain hackers’ attack vector of choice. In fact, Centrify noted Forrester Research estimated 80% of security breaches involve privileged accounts; moreover, 66% of enterprises have suffered at least 5 breaches if not more.

Overall, the Privileged Access Management in the Modern Threatscape survey found widespread PAM immaturity among enterprises both in the U.S. and the United Kingdom. 26% of U.S. respondents expressed uncertainty concerning the very definition of privileged access management.

Only 28% of respondents overall expressed a preference for privileged access management as a top 3 digital project. For comparison, 40% said digital transformation.   

Other key findings from the Centrify Privileged Access Management in the Modern Threatscape survey include:

  • 52% of enterprises don’t have a password vault.
  • 65% admit to sharing root or privileged access.
  • 21% still have not implemented multifactor authentication on their superuser accounts.
  • 63% said it takes their enterprise more than a day to remove the privileged access from an account in the event an employee leaves the company.
  • 45% say they don’t use privileged access to secure their public and private cloud workloads.
  • 72% don’t use privileged access to secure containers.   

Comments on the Modern Threatscape

Centrify CEO Tim Steinkopf shared his thoughts on the survey’s findings. “What’s alarming is that the survey reveals many organizations, armed with the knowledge that they have been breached before, are doing too little to secure privileged access. IT teams need to be taking their Privileged Access Management much more seriously, and prioritizing basic PAM strategies like vaults and MFA while reducing shared passwords.”

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner