Amid a historic shift to remote work and movement of corporate data into the cloud, about 97% of senior security executives are reporting an increase in credential theft, according to research released Wednesday on behalf of CyberArk. The report is based on a survey of 100 senior security executives at large enterprise companies, with all of them reporting annual revenue of more than $1 billion.
Threat actors are increasingly using spear phishing and impersonation to target end users, with 56% of respondents reporting that business users with access to sensitive data are being targeted, according to the report.
About 88% of senior security executives said adopting a zero-trust model was either "important" or "very important." The most important change in security posture was the use of identity access management, which would help companies gain better control over privileged access.
Threat actors are spending more time to cultivate potential targets, after determining who has access to valued corporate information. Attackers may use social engineering to engage business users, like a scientist or engineer with access to particular data.
A panel of 12 CISOs from Fortune 1000 companies were also interviewed in depth to offer insights as to what they see as priority concerns. The CyberArk-sponsored research was done in conjunction with independent research firm Robinson Insight.
Other reports have raised concerns about credential theft, which is often used to gain privileged access to enterprise systems through access to trusted users.
"Credential theft is by far the easiest route for attackers to gain entry into a system and take control of an account, from which subsequent attacks can be launched — and which become significantly harder to detect," said Kevin O'Brien, GreatHorn co-founder and CEO, in an email earlier this month.
Researchers at Black Kite began to see an uptick in valid credentials being sold on Dark Web marketplace sites in 2020, rising to about 8% of all credentials from about 5% in recent years, according to Bob Maley, CSO at Black Kite.
"The instincts of the surveyed CISO's are spot on," he said, via email. "In fact, we see something more troubling than what the CISO's fear — the bad guys aren't just trying to steal more, they are stealing more."