Enterprises Fear Disruption to Applications, Yet Don't Prioritize Security
April 15, 2019
Share this

The majority of organizations (nearly 70 percent) do not prioritize the protection of the applications that their business depend on — such as ERP and CRM systems — any differently than how low-value data, applications or services are secured, according to a new survey from CyberArk.

Respondents indicated that even the slightest downtime affecting business critical applications would be massively disruptive, with 61 percent agreeing that the impact would be severe.

Breaches affecting applications that are the lifeblood of business can result in punitive costs, with a 2018 report estimating the average cost of an attack on an ERP system at $5.5 million USD. The threat actors that enterprises face are formidable — organized crime was behind 50 percent of all breaches in 2018, with attacks using established tactics like privileges abuse to achieve their aims.

Despite the fact that more than half (56 percent) of organizations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found a large majority (72 percent) of respondents are confident that their organization can effectively stop all data security attacks or breaches at the perimeter. This brings to light a remarkable disconnect between where security strategy is focused and the business value of what is most important to the organization. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.

The survey also found that 74 percent of organizations indicated they have moved (or will move within two years) business critical applications to the cloud. A risk-prioritized approach to protecting these assets is necessary for this transition to be managed successfully. Further industry data shows that, globally, 69 percent of organizations are migrating data for popular ERP applications to the cloud.

“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them — whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk. “CISOs must take a prioritized, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”

Methodology: The independent survey was conducted among 1,450 business and IT decision makers, primarily from Western European economies.

Share this

The Latest

April 18, 2019

A vast majority of organizations are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise, according to The 2019 Study on the Cyber Resilient Organization, a study conducted by the Ponemon Institute on behalf of IBM ...

April 17, 2019

People and businesses today make mistakes similar to Troy, when they get too enamored by the latest, flashiest technology. These modern Trojan Horses work through their ability to "wow" us. Cybercriminals find IoT devices an easy target because they are the cool new technology on the block ...

April 16, 2019

Software security flaws cause the majority of product vulnerabilities, according to the 2019 Security Report from Ixia's Application and Threat Intelligence (ATI) Research Center ...

April 15, 2019

The majority of organizations (nearly 70 percent) do not prioritize the protection of the applications that their business depend on — such as ERP and CRM systems — any differently than how low-value data, applications or services are secured, according to a new survey from CyberArk ...

April 12, 2019

While 97 percent of organizations are currently undertaking or planning to undertake digital transformation initiatives, integration challenges are hindering efforts for 84 percent of organizations, according to the 2019 Connectivity Benchmark Report from MuleSoft ...

April 11, 2019

Companies have low visibility into their public cloud environments, and the tools and data supplied by cloud providers are insufficient, according to The State of Public Cloud Monitoring, a report sponsored by Ixia ...

April 10, 2019

Without improvement in time and budget constraints, the majority of tech pros (75 percent) say they will be unable to confidently manage future innovations, according to IT Trends Report 2019: Skills for Tech Pros of Tomorrow, a new report from SolarWinds. This reality ultimately puts businesses at risk of performance and competitive advantage losses, making the prioritization of skills and career development for tech pros paramount ...

April 09, 2019

Tech pros have one foot grounded in today's hybrid IT realities while also setting their sights on emerging technology, according to IT Trends Report 2019: Skills for Tech Pros of Tomorrow ...

April 08, 2019

This Thursday EMA will be presenting a webinar — Automation, AI and Analytics: Reinventing ITSM — covering recent research. There were quite a few surprises. And in fact, many of the surprises indicated a yet-more-positive outlook than we expected ...

April 05, 2019

Almost three-fourths (69 percent) of organizations have plans to deploy 5G by 2020, according to a new 5G use case and adoption survey by Gartner. Organizations expect 5G networks to be mainly used for IoT communications and video, with operational efficiency being the key driver ...