A new Thyotic survey highlights how companies are putting themselves at risk through poor management of their privileged accounts. The good news is that 78% of firms have incorporated privileged access management (PAM) into their cybersecurity strategy. However, in 85% of cases, organizations have so far failed to achieve “even a basic level of [PAM] maturity.”
The report found that a majority of firms (55%) lacking basic PAM maturity do not know the locations of their privileged accounts, or even how many such accounts they have. In addition, half of privileged accounts do not expire, ever. Less than 1 in 5 companies (18%) are storing privileged accounts in a secure location such as a PAM vault or a password manager.
The PAM shortcomings identified in the report make it much easier for threat actors to obtain administrative control on internal business networks.
Read more: 85% of organizations fail to meet even basic PAM security hygiene