Risk of compromised credentials an HR problem, say senior executives

Centrify report shows that around half believe only a major breach would change their opinion that compromised user credentials are a ‘significant risk’

A worrying number of senior executives in the UK believe the risk of compromised user credentials (mainly stolen or misused passwords) is an HR training problem, and not an IT issue, according to a study by Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access.

The study, commissioned through Dow Jones Customer Intelligence, shows that around one fifth (18 per cent) of respondents are happy to place responsibility for their security culture on their Human Resources (HR) department. However, nearly half (47 per cent) believe they have a strong enough security culture within their organisation to mitigate the risk of compromised credentials altogether. A further third claim that they have not experienced any problems relating to compromised credentials.

The study of 800 senior executives, including CEOs, Technical Officers (CIOs, CTOs and CISOs) and CFOs, in the UK and US, also indicates that many do not see compromised credentials as a significant risk, with 43 per cent perceiving default, stolen or weak passwords only as a minor threat or not a threat at all to an organisation’s success. Of these respondents, nearly half (45 per cent) say that a major breach due to compromised credentials would be needed for senior management to change its view on the subject. This is despite Verizon’s 2017 Data Breach Investigation Report indicating that 81 per cent of breaches now involve weak, default or stolen passwords.

Of the respondents that admit that they have suffered at least one significant cybersecurity breach in the last two years, a quarter (26 per cent) in the UK say that training and awareness would most likely have prevented the breach. However, with 23 per cent blaming a breach on senior management not treating cybersecurity as a top priority, the Centrify study suggests that attitudes and behaviour are unlikely to change very soon.

Barry Scott, CTO EMEA, Centrify, comments: “Research from companies like Verizon shows us that most data breaches are the result of compromised credentials, whether obtained through phishing, default or weak passwords, or some other nefarious method. As we become increasingly mobile, and systems and applications more cloud-based, we must rethink outdated traditional ‘castle and moat’ security models, and adopt a Zero Trust Security approach. First, we must verify the user is who they say they are, then validate their device, and give them access only to what they need in order to do their job. Finally, we must learn and adapt to what’s ‘normal’ for the user, and ask for additional authentication (or block access) when risky or abnormal behaviour is detected.

“This is not just an HR problem, nor indeed an IT problem; it’s a company-wide issue that needs to be supported from the top down. It’s only when senior management start to address cybersecurity as a priority, that it will become integral to the business and to the workforce as a whole.”


Notes for editors:

‘CEO Disconnect is Weakening Cybersecurity’ study commissioned by Centrify and conducted by Dow Jones Customer Intelligence. View the full study: https://www.centrify.com/resources/ceo-disconnect-weakening-...

Research methodology

The statistics cited in this report are from a survey of 800 senior executives conducted in November 2017 by Dow Jones Customer Intelligence (a unit of The Wall Street Journal/Dow Jones Advertising Department), with sponsorship from Centrify. More than three-quarters of these executives are CEOs, CFOs or technical officers (including CIOs, CTOs and CISOs) and the remainder are their direct reports. The companies represented have at least 1,500 employees and over half have more than 10,000 employees. They are positioned across 19 industries in the US and the UK, and about half report annual revenues exceeding US$5 billion.

About Dow Jones Customer Intelligence

As part of the Dow Jones Customer Engine, the Dow Jones Customer Intelligence Unit conducts both bespoke and secondary research on behalf of our brands and our clients' brands, and through rigorous analysis and our unique perspectives seeks to be a trusted source for relevant, timely, and reliable insights.

About Centrify

Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user and their devices, and limits access and privilege. Centrify also utilises machine learning to discover risky user behaviour and apply conditional access — without impacting user experience. Centrify’s Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). Over 5,000 worldwide organisations, including over half the Fortune 100, trust Centrify to proactively secure their businesses.

Amanda Hassall
Consultant
T: +44 (0)1628 822741
M: +44 (0)7855 359889
E: amanda@origincomms.com