Skip to main content
close search
site logo
Dive Brief

Remote work gives rise to more executive credential theft

Published March 25, 2021
David Jones's headshot
Reporter
boardroom, executives, board of directors, meetings, Fortune 500
Photo by Drew Beamer on Unsplash

Dive Brief:

  • Amid a historic shift to remote work and movement of corporate data into the cloud, about 97% of senior security executives are reporting an increase in credential theft, according to research released Wednesday on behalf of CyberArk. The report is based on a survey of 100 senior security executives at large enterprise companies, with all of them reporting annual revenue of more than $1 billion.

  • Threat actors are increasingly using spear phishing and impersonation to target end users, with 56% of respondents reporting that business users with access to sensitive data are being targeted, according to the report. 

  • About 88% of senior security executives said adopting a zero-trust model was either "important" or "very important." The most important change in security posture was the use of identity access management, which would help companies gain better control over privileged access.

Dive Insight:

Threat actors are spending more time to cultivate potential targets, after determining who has access to valued corporate information. Attackers may use social engineering to engage business users, like a scientist or engineer with access to particular data. 

A panel of 12 CISOs from Fortune 1000 companies were also interviewed in depth to offer insights as to what they see as priority concerns. The CyberArk-sponsored research was done in conjunction with independent research firm Robinson Insight.

Other reports have raised concerns about credential theft, which is often used to gain privileged access to enterprise systems through access to trusted users. 

"Credential theft is by far the easiest route for attackers to gain entry into a system and take control of an account, from which subsequent attacks can be launched — and which become significantly harder to detect," said Kevin O'Brien, GreatHorn co-founder and CEO, in an email earlier this month. 

Researchers at Black Kite began to see an uptick in valid credentials being sold on Dark Web marketplace sites in 2020, rising to about 8% of all credentials from about 5% in recent years, according to Bob Maley, CSO at Black Kite. 

"The instincts of the surveyed CISO's are spot on," he said, via email. "In fact, we see something more troubling than what the CISO's fear — the bad guys aren't just trying to steal more, they are stealing more."

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell