Survey: 80% of breaches caused by privileged credential abuse

Privileged Access is supposed to add stringent layers of data protection. And yet, according to Forrester PIM Wave 2018 Report presented by Forrester Research Inc., a staggering 80% of data breaches involve privileged credential misuse.

Centrify, a provider of cloud-ready Zero Trust Privilege to secure modern enterprises, commissioned TechVangelism to conduct the survey of 1,300 organizations across 11 industry verticals in the United States and Canada.

The survey revealed that the majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector. Seventy-nine percent of organizations do not have a mature approach to Privileged Access Management (PAM), yet 93% believe they are at least somewhat prepared against threats that involve privileged credentials.

“PAM is not being adequately implemented because of budget constraints and the IT’s inability to secure executive buy-in,” said Dan Mountstephen, regional VP, APJ, Centrify Corp. “Not because it’s not a priority or (companies deemed the process) time-consuming.”


The use of privileged accounts aims to reduce the risk of credentials being stolen. However, the survey reveals that abuse of privileged access leads to many large-scale data breaches.

The survey also revealed some specific insights about the solutions being used to control privileged access, including 52% of organizations are using shared accounts for controlling privileged access; 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers; 51% of organizations do not control access to transformational technologies with privileged access such as modern attack surfaces like cloud workloads (38%), Big Data projects (65%), and containers (50%).

The survey also found out that organizations have become too complacent by granting too much trust and privileged to employees defeating the purpose of privileged access. Some of them did not prioritize PAM or are not implementing it effectively.

What’s even more alarming is the result that 52% of respondents do not have password vault while 65% are still sharing root or privileged access to systems and data at least somewhat often. More than 1 out of 5 (or 21%) of the organizations have not been implementing Multi-Factor Authentication for privileged administrative access.

Zero Trust

Centrify advises organizations to adopt a Zero Trust mindset to further reduce the risk of becoming the next data breach victim.

Basically, Zero Trust Privilege Approach include verification, contextualizing the request, securing the administrative environment, and grant the least privilege, according to Mountstephen.

As part of its efforts to promote and encourage organizations to strictly enforce PAM for data protection, Centrify offers a free cloud-based PAM to organizations. Its Free Tier Vault is available at the Amazon Web Services Marketplace. It offers all the benefits of its Saas Privileged Access Service to manage up to 50 registered systems and their associated service accounts free of charge.

Centrify Privileged Access Service allows organizations to secure and manage superuser and application accounts on servers and network devices and provide secure remote access to resources whether they are on-premise or in the cloud without the use of VPN. It provides access to critical shared account passwords while maintaining control over who has access, which passwords they have access to, and how those passwords are managed and rotated.

Ideally, password vaulting and MFA for administrative are some of the very basic steps that can harden organizations’ security posture especially those that are using hybrid clouds.

Centrify aims to prod organizations to adopt Zero Trust Privilege to improve their cybersecurity hygiene so they won’t fall victims to data breaches which are costly not only in terms of finances but in brand reputation as well.

2 replies »