Nearly half of the IT security professionals, 46 per cent, failed to change their security strategy substantially even after experiencing a cyber-attack, according to the information by the security company, CyberArk.
This level of cybersecurity inertia and failure to learn from past incidents puts sensitive data, infrastructure, and assets at risk, CyberArk's "Global Advanced Threat Landscape Report" 2018, said this week.
Over 46 per cent respondents said their organisation can't prevent attackers from breaking into internal networks each time it is attempted while 36 per cent reported that administrative credentials were stored in Word or Excel documents on company PCs.
Meanwhile, 50 per cent admitted that their customers' privacy or personally identifiable information (PII) could be at risk because their data is not secured beyond the legally-required basics.
At least 89 per cent professionals stated that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials, and secrets are secured.
The respondents also indicated that the proportion of users who have local administrative privileges on their endpoint devices increased from 62 per cent (in 2016 survey) to 87 per cent in 2018 which is a 25 per cent jump and indicative of employee demands for flexibility trumping security best practices.