According to research by security vendor CyberArk, despite the fact that most (56%) of the business and IT leaders surveyed had experienced data loss, integrity issues or service disruptions affecting business critical applications, the majority (72%) expressed confidence in stopping the attacks.
And the majority of organisations (nearly 70%) do not prioritise the protection of the applications that their business depends on — such as ERP and CRM systems — any differently to how low-value data, applications or services are secured.
The independent survey was conducted among 1450 business and IT decision-makers, primarily from Western European economies, with respondents indicating that even the slightest downtime affecting business critical applications would be massively disruptive, with 61% agreeing that the impact would be severe.
“The threat actors that enterprises face are formidable – organised crime was behind 50% of all breaches in 2018, with attacks using established tactics like privileges abuse to achieve their aims,” the company notes.
CyberArk says the survey findings bring to light a “remarkable disconnect” between where security strategy is focused and the business value of what is most important to the organisation.
“An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations,” it says.
The survey also found that 74% of organisations indicated they have moved (or will move within two years) business critical applications to the cloud.
And CyberArk says a risk-prioritised approach to protecting these assets is necessary for this transition to be managed successfully.
Further industry data shows that, globally, 69% of organisations are migrating data for popular ERP applications to the cloud.
“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk.
“CISOs must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”