64 percent of organizations believe they have suffered a breach due to privileged access
A global survey of over 1,000 IT security decision makers by privileged access management specialist BeyondTrust reveals that 64 percent believe they've had either a direct or indirect breach due to employee access in the last year, and 62 percent believe they've had a breach due to vendor access.
Employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, is cited as a problem by 60 percent of organizations, while colleagues telling each other passwords was also an issue for 58 percent of organizations in 2019.
The report also highlights regional differences, with only 20 percent of UK businesses expressing worries about employees downloading data onto a memory stick, while 42 percent see this as an issue in the Asia Pacific (APAC) region. 71 percent of organizations agree that they would be more secure if they restricted employee device access. However, this isn't usually realistic or conducive to productivity.
"Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively, but need this access granted in a way that doesn’t impede on productivity," says Morey Haber, CTO and CISO of BeyondTrust. "In the face of growing threats, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access in a way that fits the needs of the user."
Businesses surveyed reported an average of 182 vendors logging in to their systems every week. At organizations with over 5,000 employees, 23 percent say they have more than 500 vendors logging in regularly, highlighting the extent of risk exposure.
Trust in vendor access is now lower than trust in employee access, with only one in four saying they completely trust vendors, in comparison to 37 percent of employees. This is in contrast to last year’s report, where 72 percent of businesses admitted that they have cultures that are too trusting of third parties.
The report also looks at emerging threats, the Internet of Things poses a big concern, with the visibility of logins from IoT devices revealed as the most pressing issue. Three quarters (76 percent) are confident they know how many IoT devices are accessing their systems, while four in five are confident they know how many individual logins can be attributed to these devices. At the same time, 47 percent of security decision makers perceive at least a moderate risk from Bring Your Own Device (BYOD) policies.
"As the vendor ecosystem grows, the threat landscape evolves and employees are granted more trust, organizations need to accept that the way to mitigate risks is by managing privileged accounts through integrated technology and automated processes that not only save time, but also provide visibility across the network," Haber adds. "By implementing cybersecurity policies and solutions that also speed business performance, versus putting roadblocks in users’ way, organizations can begin to seriously tackle the privileged access problem."
You can find out more on the BeyondTrust blog.