More than one-third of Asia Pacific IT executives have no idea how long it takes to discover attacks of their privileged accounts, said security firm Cyber-Ark Software recently when releasing results of a survey.
Privileged accounts are powerful administrator accounts within the IT infrastructure, which includes default and hardcoded passwords and application accounts. These accounts often provide access to the enterprises' core IT infrastructure or sensitive corporate data.
The study surveyed 989 IT executives across the world earlier this year, with 200 of them from the Asia Pacific region. While 25% of the regional IT leaders indicate they could detect attack on privileged accounts within hours or minutes, 37% stated they don't know how long it'd take.
"These privileged accounts are often targets of the cyber attackers because of the information they could access," said Cyber-Ark CEO Udi Mokady. "But if enterprises don't monitor activities of these accounts, it's not surprised that they don't know when these accounts are being compromised."
The study also indicates more than half (52%) of the Asia IT executives believe cyber attackers -- including phishing and malware -- is currently in the network or breached the network in the past year.
Integration creates vulnerability
Despite a high level of cyberattacks and the criticality of these privileged accounts, enterprises still share passwords among employees within the IT team. Mokady said that some enterprises even share the IT infrastructure administrator accounts information with their outsourcing providers. To enable integration across multiple databases and applications, password to access the database is often embedded into the code.
"This is often necessary and it's part of the process," Dan Dinnar, vice president sales Asia Pacific noted. "If passwords are changed, enterprises need to re-code the applications, so often these passwords remain unchanged for decades."
Aiming to manage privilege accounts and monitor activities related to each of them, Cyber-Ark provides a management platform, which creates a personalized account for each person -- both IT staff and outsourcing providers' employees--to monitor their access and activities in using these privileged accounts.
He added that some outsourcing and cloud providers are also using their products to raise the security level and monitor capability for their customers. But in Asia, Mokady said most of the interest's from enterprises.
He said organizations focused their security investment on the perimeter in the past few years, but awareness of internal attacks is raised again with the Snowden incident.
"More enterprises and organizations are realizing there could be a Snowden within their own company," Mokady said. "That person could be accessing the enterprises most critical data one day, but using the administrator accounts for malicious activities on the other."