- More than half of companies surveyed fail to properly enforce proper privileged credential control, according to a new report.
- The 2016 State of Privileged Account Management Report—co-sponsored by Thycotic and Cybersecurity—also found nearly two-thirds of companies still depend on manual methods to manage privileged accounts.
- Meanwhile, only 10% of companies have purchased a solution to automate privileged account management (PAM), which can help defend against cybercrime.
Weak PAM is a "rampant epidemic" within companies and governments globally, the report found. Yet locking down privileged accounts is critical because hackers find such data very appealing. Preventing cyberattacks or stopping malicious actors from entering a system often starts with ensuring an organization knows who has system access.
"The most damaging cyberattacks occur when privileged credentials are stolen, giving attackers the same level of access as internal people managing the systems," said Jim Legg, CEO of Thycotic. "This puts an organization at the mercy of an attacker’s motivation—be it financial, ransomware or other harm to the business."
Maintaining an accurate active directory of privileged access users is a growing challenge for both government and businesses. Failing to do so can present significant security concerns. A report released last month from the State Department’s inspector general found the agency had more than 2,600 inactive user accounts remaining on the agency's networks.