Chief information security officers’ failure to implement basic controls over privileged access accounts is one of the key reasons why ransomware attacks succeed, says a vendor report.
“Overwhelmingly, the most concerning finding in our data was the pervasive lack of basic controls over privileged credentials and access,” says the study by Axios, which sells a cyber risk management platform, after studying de-identified data of more than 100 organizations that used its ransomware preparedness assessment tool.
The broad conclusion of the study, released Tuesday in a report called the State of Ransomware Preparedness, is that most organizations surveyed weren’t adequately prepared to manage the risk associated with a ransomware attack largely because many continue to lack the basic cybersecurity controls needed to stem an attack.
Among the findings:
–nearly 80 per cent of organizations using the tool hadn’t implemented or had only partially implemented a privileged access management solution;
–only 36 per cent audited the use of Windows service accounts, a type of privileged account, on a regular basis;
–only 26 per cent denied the use of command-line scripting tools…