CyberArk survey: Most enterprises fear disruption to their business applications, but don't secure them
According to a new CyberArk (NASDAQ: CYBR) survey, the majority of organisations (nearly 70%) do not prioritise protecting the applications that their businesses depend on, such as ERP and CRM systems, any differently from how low-value data, applications or services are secured.
The independent survey was conducted among 1 450 business and IT decision makers, primarily from Western European economies. Respondents indicated that even the slightest downtime affecting business-critical applications would be massively disruptive, with 61% agreeing that the impact would be severe.
Breaches affecting applications that are the lifeblood of a business can result in punitive costs, with a 2018 report estimating the average cost of an attack on an ERP system at $5.5 million.^1 The threat activators that enterprises face are formidable. A case in point: Organised crime was behind 50% of all breaches in 2018, with attacks using established tactics like privilege abuse to achieve their aims.^2
Despite the fact that more than half (56%) of organisations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found that a large majority (72%) of respondents were confident that their organisation could effectively stop all data security attacks or breaches at the perimeter.
This brings to light a remarkable disconnect between where security strategy is focused and the business value of what is most important to the organisation. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.
The survey also found that 74% of organisations indicated they had moved (or would move within two years) business-critical applications to the cloud. A risk-prioritised approach to protecting these assets is necessary for this transition to be managed successfully. Further industry data shows that globally, 69% of organisations are migrating data for popular ERP applications to the cloud.^3
"From banking systems and research and development to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them, whether they are on-premises or in the cloud," said David Higgins, EMEA technical director at CyberArk.
"Chief information security officers must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that regardless of what attacks penetrate the perimeter, they continue to run uncompromised."
About the survey
The CyberArk-sponsored survey was conducted by Arlington Research among 1 450 business and IT decision-makers in eight countries in Europe, the Middle East and Africa: the UK, France, Germany, Italy, Spain, Switzerland, the Netherlands and Israel.
Interactive Infographic Business Critical Applications
eBook The Age of Digital Transformation: 5 Keys To Securing Your Business Critical Applications
(1) Industry-Focused Data Breach Report 2018: ERPScan
(2) 2018 Verizon Data Breach Investigations Report (DBIR)
(3) Enterprise Resource Planning (ERP) Applications and Cloud Adoption 2019