Survey Finds Insider Threats Becoming Bigger Concern
A survey of 1,006 IT leaders published today by BeyondTrust, a provider of tools for managing privileged access management (PAM), suggests insider threat issues are more pervasive than most organizations might fully appreciate.
Announced at the Infosecurity Europe conference, the survey finds more than two-thirds of respondents (64%) believe their organization suffered either a direct or indirect breach due to employee access in the last 12 months. Further highlighting the challenge associated with insider threats, the survey also notes 62% of respondents believe there was a breach caused by a vendor accessing their systems. A quarter of respondents (25%) said they have confirmed a breach was caused by an external vendor accessing their systems.
On average, survey respondents have 182 vendors logging in to their systems every week. At organizations with 5,000+ employees, almost a quarter (23%) said they have more than 500 vendors logging in regularly. And yet, only 25% of respondents said they fully trust those vendors.
BeyondTrust CTO and CISO Morey Haber said the survey makes it clear insider threats involving either stolen or compromised credentials are a bigger issue than most organizations realize. While credentials are occasionally pilfered by cybercriminals, the biggest issue continues to be simple employee behavior. The survey finds that writing down passwords, for example, is an issue within 60% of organizations, while colleagues telling each other passwords was also an issue within 58% of organizations.
Haber says the rise of internet of things (IoT) initiatives will also exacerbate the problem. Three-quarters of survey respondents (76%) said they are confident they know how many IoT devices are accessing their systems, while 4 in 5 are confident they know how many individual logins can be attributed to these devices. However, as the number of IoT projects increases, IT organizations will find themselves challenged to keep pace in much the same way they currently struggle with maintaining bring-your-own-device (BYOD) policies, said Haber.
On the positive side, the BeyondTrust survey also finds nearly half of respondents (44%) said complying with external standards is having a significant impact on governing employee access. The survey also notes 90% of survey respondents that have fully integrated PAM tools are confident they can identify specific threats from employees with privileged access.
The challenge of mitigating insider threats is that most organizations don’t have fully integrated PAM tools. The survey finds most of the approaches rely on a fragmented approach. On average, organizations are currently using four different methods of password management for privileged credentials. Almost all (96%) organizations try to control access through privileged credential management tools. Three-quarters (75%) restrict the use of shared admin passwords, while 72% regularly rotate admin passwords. More than half of the respondents have at least one or two PAM tools installed, while 40% have three or more installed. Most have a secure remote access/support tool (91%), while 87% have a privileged password manager/credential store tool in place.
Despite all those tools, however, privileged access issues remain a major contributing factor to the severity of any security breach. Once the credentials of someone with privileged access are compromised, the privileged access keys to the proverbial IT kingdom could be almost anywhere.
Pingback: Behavior Analysis: Getting an Inside Track on Insider Threats - Security Boulevard