It should be noted, though, that white hat hackers are greater believers in security awareness training than black hat hackers.
"Interestingly, both black hat and white hat hackers ranked all five security measures in almost the same order, except black hats did not believe IT security awareness training was as important," Carson says. "Overall, black hats would have ranked IT security awareness training in fourth place, giving more importance to limiting unknown applications from running. It could be that black hat hackers view humans as an unpredictable, weak link compared to a technological solution that restricts risky behavior."
4. Limit unknown applications
You can't protect something if you don't know it's there. You need to know which applications are authorized to run on your network and ensure their passwords are protected.
"Application accounts need to be inventoried and undergo strict policy enforcement for password strength, account access and password rotation," Thycotic writes. "Centralized control and reporting on these accounts is essential to protect critical information assets."
5. Protect user passwords with security best practices
Finally, it's not just about privileged accounts. While privileged accounts provide attackers with critical data access, end-user accounts remain an attack vector. That said, 77 percent of the survey respondents don't believe any password is safe from hackers.
"Protecting user passwords was ranked last, and some may say that's good news for companies, because changing human behavior is hard — it can be a much less daunting task to change processes on the IT team vs. all employees at a company," Carson says. "However, when you are ready to secure end user passwords, look for solutions that enforce your security policy for password strength and the frequency of password changes, and also provide easy and secure password resets — regularly requiring employees to change their workstation passwords will undoubtedly mean calls to the help desk when new passwords are forgotten."