PHOTO
90% of respondents with fully integrated PAM tools are confident they can identify specific threats from employees with privileged access
Dubai, United Arab Emirates: BeyondTrust, the worldwide leader in Privileged Access Management, has released the 2019 Privileged Access Threat Report. In its fourth edition, the global survey explores the visibility, control, and management that IT organizations across the globe including the United Arab Emirates (UAE) and Saudi Arabia have over employees, contractors, and third-party vendors with privileged access to their IT networks. According to the report, 64% believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access.
Poor security hygiene by employees continues to be a challenge for most organizations. Writing down passwords, for example, was cited as a problem by 60% of organizations, while colleagues telling each other passwords was also an issue for 58% of organizations, a steady increase from 2018’s statistics. The report also highlighted regional differences, with only 28% of Middle East businesses expressing worries about employees downloading data onto a memory stick, while 42% see this as an issue in APAC. Ultimately, 71% of organizations agree that they would be more secure if they restricted employee device access. However, this isn’t usually realistic, let alone conducive to productivity.
“Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively, but need this access granted in a way that doesn’t compromise security or impede productivity,” commented Morey Haber, CTO & CISO of BeyondTrust. “In the face of growing threats, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access in a way that fits the needs of the user.”
The businesses surveyed reported an average of 182 vendors logging in to their systems every week. At organizations with 5,000+ employees, 23% say they have more than 500 vendors logging in regularly, highlighting the sheer scope of the risk exposure. This year’s report uncovered that trust in vendor access is now lower than trust in employee access, with only one in four (25%) saying they completely trust vendors, in comparison to 37% of employees. This is a stark comparison to last year’s report, where 72% of businesses admitted that they have cultures that are too trusting of third parties. In an age where data breaches have immense financial and reputational implications for businesses, it’s a positive step that these organizations are now assessing the level of trust they place in their third-party vendors.
The report also delves into the threats posed by emerging technologies. The risks associated with the Internet of Things (IoT) posed a big concern for the professionals surveyed, with the visibility of logins from IoT devices revealed as the most pressing issue. Three quarters (76%) are confident they know how many IoT devices are accessing their systems, while four in five are confident they know how many individual logins can be attributed to these devices. At the same time, 57% of security decision makers perceive at least a moderate risk from Bring Your Own Device (BYOD) policies.
The report did show that some organizations are managing these risks with a Privileged Access Management (PAM) solution. From the research, these same organizations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, 90% of those with fully integrated PAM tools are confident they can identify specific threats from employees with privileged access.
“As the vendor ecosystem grows, the threat landscape evolves and users should be granted specific role-based privileges. Organizations need to accept that the way to mitigate risks is by managing privileged accounts through integrated technology and automated processes that not only save time, but also provide visibility across the environment,” Haber added. “By implementing cybersecurity policies and solutions that also speed business efficiency, versus putting roadblocks in users’ way, organizations can begin to seriously tackle the privileged access problem.”
Research methodology
1006 key decision makers with visibility over the processes associated with enabling internal users and external parties to connect to their systems completed a survey in April 2019. Those surveyed were all IT professionals across operations, IT support/helpdesk, IT security, compliance and risk or network/general IT roles. Respondents were from a range of industries, including manufacturing, finance, professional services, retail, healthcare, telecoms and the public sector. Working with Loudhouse, an independent research agency, the survey was conducted across the USA, EMEA and APAC.
About BeyondTrust
BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. Our extensible platform empowers organizations to easily scale privilege security as threats evolve across endpoint, server, cloud, DevOps, and network device environments. BeyondTrust unifies the industry’s broadest set of privileged access capabilities with centralized management, reporting, and analytics, enabling leaders to take decisive and informed actions to defeat attackers. Our holistic platform stands out for its flexible design that simplifies integrations, enhances user productivity, and maximizes IT and security investments. BeyondTrust gives organizations the visibility and control they need to reduce risk, achieve compliance objectives, and boost operational performance. We are trusted by 20,000 customers, including half of the Fortune 100, and a global partner network. Learn more at www.beyondtrust.com.
Contacts:
Vernon Saldanha
Procre8 (on behalf of BeyondTrust)
+971 52 288 0850
vernon@procre8.biz
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
