Nick Bowman, Senior Manager, EMEA and APJ Corporate Communications, CyberArk
Businesses today run on a myriad of applications deployed across every department to increase efficiency. These apps are absolutely critical to businesses, from enterprise resource planning to customer relationship management – to the point that any disruption could have a serious effect on operations and profitability.
The main issue that we are witnessing in the industry is the gap that exists between what organizations think they are achieving in terms of securing their business-critical apps and what’s actually going on. At CyberArk, we recently surveyed 1,450 business and IT decision-makers in EMEA on their security strategies for securing the applications that the business runs on. The results were quite telling.
While 72% of those surveyed were confident that their organization could successfully prevent a cyber attack that could affect their business-critical apps, the reality is that only 31% actually prioritize putting in place specific protection against attacks on them. This means that most companies treat the security of applications that are their lifeblood exactly the same as, say, their internal holiday booking system. This has to be wrong.
Perimeter security is no longer what businesses should be prioritizing. With Forrester estimating that 80% of data breaches involve compromised privileged credentials, businesses need to rethink their strategies. Companies should always assume that the hacker is already in, as our research shows: nearly 56% of large organizations in EMEA have experienced an incident that resulted in data loss, integrity issues and service disruptions affecting business-critical applications in the last two years, while only a third (34%) of organizations hadn’t faced any incidents over the last 24 months that affected them.
It’s time for businesses to consider their organizational risk as a whole. Perimeter security alone is no longer enough, and businesses need to build up from the assumption that the hacker is already in. This means their security policies need to embed layered protection across all areas of the enterprise: from endpoints, on-premises and cloud security to SaaS and vaulting privileged accounts.
The message is clear: businesses should focus on minimizing the damage that can be done to key applications so they can continue to run seamlessly even in the event of a breach. The days of generic security policies are over.