Menu

TLS.NET Managed IT for businesses is exploding in growth and client retention, ask to join the program today.

Half of companies unnecessarily grant employees more access than needed

Although insider leaks and attacks continue to multiply, recent research found 58 percent of IT operations and security managers believe their organizations unnecessarily grant access to individuals beyond their roles, with 91 percent predicting the risk of insider threats will grow or stay the same.

With more than 40 percent of respondents agreeing that malicious insiders would use social engineering to obtain privileged user access rights - up 20 percent from 2011 data – it's no surprise most of those surveyed expect insider threats to remain an issue, authors of the study say.

Approximately 70 percent of the respondents think it is "very likely" or "likely" that privileged users believe they are empowered to access all the information they can view. Nearly 70 percent also believe that privileged users access sensitive or confidential data simply out of curiosity. With these large percentages in mind, only 43 percent of commercial and 51 percent of federal organizations said they can effectively monitor their privileged user activities. A majority said that only 10 percent or less of their budget is dedicated to this significant challenge.  

While budget and the human element are factors in addressing the insider threat challenge, technology deficiencies also play a role, the research shows. The survey found a significant number of respondents use existing cybersecurity tools to combat insider threats, rather than more targeted technologies (e.g. 48 percent of commercial and 52 percent of federal organizations use a SIEM to determine if an action is an insider threat). As a result, more than 60 percent indicated that these tools yield too many false positives. What's more, a majority of both audiences surveyed (63 percent commercial and 75 percent of federal organizations) lack the contextual information required to prevent insider threats.

More than 600 commercial and 142 federal IT operations and security managers participated in Ponemon's study.

To reduce the risks of data loss and breaches, here is a reminder of the top three measures companies should have in mind:

1. Restrict access to sensitive data

An organization should start deploying security controls to monitor who has access to proprietary data. Other must-have data protection and security measures include:

2. Cyber-security education

Educating employees on how to recognize phishing scams and avoid e-threats is vital in maintaining security.

3. If the first line of defense fails, the strongest layer of protection against human error is still technology.

Enterprise security solutions with micro virtual machines embedded will verify any process before being executed on a machine. 

Source URL: businessinsights.bitdefender.com/companies-unnecessarily-employees-access

Leverage Bitdefender Security with TLS.NET Managed IT Services

Share this page

Join our Email Subscribers

  1. Receive critical product notices and the latest in our service offerings.
Close
Menu