506 IT professionals working at companies with 50 or more employees took part in the research. The results shine a spotlight on the current state of IT security and attitudes among security and IT professionals.
The findings revealed disadvantages and advantages. But while there are some seeming bright spots for IT pros in the results, some of the data may show a perception/reality gap in the minds of IT and security professionals.
For example, a combined 72% of respondents feel “fairly well” (44%) or “very well” (27%) prepared against enterprise-grade ransomware attacks.
Jérôme Robert, CMO of Alsid, said: “This confidence is nice to see, but unfortunately the everyday reality suggests a different story. I get the sense that if you asked all the companies which have recently been hit by ransomware if they were well prepared before those attacks, they would probably have said yes. So that confidence didn’t help them, in fact it probably hurt them because maybe they weren’t asking the questions they could have been.”
When questioned about their own roles:
Turning the focus to their organisations, when asked about preparedness for certain types of attacks a combined 29% admitted to being “not very well” (22%) or “not at all well” (7%) prepared for insider threats – an attack perpetrated by someone within the organisation.
This makes insider threats the highest-ranking threat in the category. In second place, 18% said their employer was “not very well” (13%) or “not at all well” (5%) prepared for an attempted “targeted data theft.” 14% of respondents said they were not prepared for DDoS attacks, and attacks which exploit suppliers’ (third-party) access ranked fourth with 13% stating a lack of preparedness.
Ransomware attacks are just one of the many types of attacks which rely on compromising the Active Directory, which is sometimes forgotten as an element of an organisation’s IT security. Of organisations which have an Active Directory, the survey data shows that responsibility for Active Directory security is split between functions, with 27% of those IT professionals reporting that responsibility lies with the IT team, and 19% stating that the security team holds responsibility for Active Directory security. 16% of respondents said that their organisation employs an Active Directory security specialist.
But 24% said that they don’t know who is responsible for Active Directory security within their organisation – showing that sometimes this important function can fall through the cracks between the IT and security teams.
Furthermore, just one in five (21%) IT professionals said they have followed security best practice by testing a complete Active Directory restoration successfully more than once, and then incorporating the findings into their cyber security policy.
16% of respondents whose organisations have an Active Directory stated that Active Directory security is not treated as a priority in their organisation, whereas 31% replied that AD security is a priority, but not a top priority. 26% said that Active Directory security is treated as one of the top priorities by their employer.
Jérôme continues:
“The enhanced profile of cyber threats and attacks is driving changes at the heart of IT and security functions within businesses, and I don’t think anyone can say now that security isn’t taken seriously at a senior level within companies.
So the good news is that we’ve come a long way already, but you only need to look at the news to see that there are still gaps in security which lead to things like massively expensive ransomware incidents”.
“As a central part of all enterprise information systems, the Active Directory is now the primary target for large-scale attacks – particularly in medium and large enterprises,” adds Robert. “It’s positive to see that the perceived importance of AD security is now growing after years where it was left out in the cold and pretty much ignored.
This led to it being seen as a soft target for cybercriminals, which is where we are today. So in a weird way, the popularity of the Active Directory as an attack vector is driving knowledge and awareness and forcing companies to act. Companies are also finding that AD protection is a valuable investment because of its broad applicability right across the kill chain, and its ability to disrupt many different types of attacks.”
Other statistics from the research include:
Alsid’s solution strengthens companies’ infrastructure and detects attacks in real-time, preventing them from spreading across a network. Recent major cyberattacks either known or thought to have proliferated via the Active Directory include the Demant breach in Denmark, some 621 US public sector bodies, and over 50 US cities so far in 2019.
Alsid recently closed a $13m funding round, a record sum for a cybersecurity Series A round. The company will use the funds in part to accelerate Alsid’s expansion in Europe, Asia, and the US, and to build on its revenue growth of over 500% throughout 2018.
