Hidden IT Security Risk: Privileged User Access - Valutrics
A Ponemon report finds the security threats around privileged user access and the resulting insider threat risks appear to be growing. Here’s what IT should be keeping an eye on.
Individuals with the most access to high-value information assets can be a serious insider risk for businesses, according to a Ponemon study sponsored by Forcepoint.
The survey of 704 privileged users included database administrators, network engineers, IT security practitioners, and cloud custodians. The study incorporated three years of research findings, and revealed these individuals often use their rights inappropriately and put their organizations’ sensitive information at risk.
The report found 58% of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities — with the vast majority (91%) predicting the risk of insider threats will continue to grow or stay the same.
This finding is up slightly since 2011 when 86% of respondents were concerned about the threat, but a majority of those surveyed reported that only 10% or less of their budget is dedicated to addressing the insider threat challenge.
The overall impact of the risk caused by privileged user abuse or misuse of IT resources on access governance processes has increased significantly to 32% of respondents in this year’s study, up from 19% of respondents in the 2011 survey.
According to 79% of respondents, privileged access rights are required to complete their current job assignments, though 21% of those surveyed reported that they do not need privileged access to do their jobs.
That group cited two primary reasons for having it. The first is that everyone at their level has privileged access even if it is not required to perform a job assignment. The second is the IT organization failing to revoke these rights when these employees changed their position.
Forty percent of respondents report that business unit managers are most responsible for conducting privileged user role certification, an increase from 36% in 2014 and 32% in 2011.
However, the ability to keep pace with access change requests is getting worse, with 61% of respondents saying they struggle to keep pace with the number of access change requests that come in on a regular basis, up from 53% in 2011.
Other issues include the length of time it takes to deliver access to privileged users, rising to 47% in 2016 from 32% in 2011, and the lack of a consistent approval process.
To make matters worse, organizations have difficulty in actually knowing if an action taken by an insider is truly a threat, though the report also revealed government organizations are more confident that they have enterprise-wide visibility for privileged user access.
The report noted:
Because security tools yield more data than can be reviewed in a timely fashion and behavior involved in the incident is consistent with the individual’s role and responsibility. Monitoring and reviewing of log files, security information and event management (SIEM) and manual oversight are the primary steps taken to determine if an action taken by an insider is truly a threat.
This lack of visibility continues to hinder the ability to determine if users are complying with policies, with 39% of respondents lacking confidence that they have enterprise-wide visibility for privileged user access and can determine if users are compliant with policies. In addition, 18% reported that they were very confident they have this visibility.