August 23, 2016 by Canadian Underwriter
Nearly six in 10 IT operations and security managers in the United States believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities, according to a new survey released on Tuesday.
The Ponemon Institute survey commissioned by cybersecurity company Forcepoint LLC found that 58% of those IT professionals polled believed that their companies were unnecessarily granting access to individuals beyond their roles or responsibilities. And 91% of the more than 700 respondents polled – including more than 600 commercial and 140 federal IT operations and security managers – predicted the risk of insider threats will continue to grow or stay the same, Forcepoint said in a statement.
The 2016 Study on the Insecurity of Privileged Users compared data sets from 2011 and 2014 with present day. It found that more than 40% of respondents agreed that malicious insiders would use social engineering to obtain privileged user access rights – up 20% from 2011 data.
Approximately 70% of both commercial and federal IT operations and security managers surveyed think it is “very likely” or “likely” that privileged users believe they are empowered to access all the information they can view, according to the report. Nearly 70% also believe that privileged users access sensitive or confidential data simply out of curiosity.
“With these large percentages in mind, only 43% of commercial and 51% of federal organizations today said they have the capability to effectively monitor their privileged user activities,” the statement said, adding that “a majority said that only 10% or less of their budget is dedicated to addressing this significant challenge.”
While budget and the human element are factors in addressing the insider threat challenge, technology deficiencies are also playing a role, Austin, Texas-based Forcepoint said. In particular, the survey found that a large number of respondents use existing cybersecurity tools to combat insider threats, rather than more targeted technologies (e.g. 48% of commercial and 52% of federal organizations use security information and event management software to determine if an action is an insider threat). As a result, more than 60% indicated that these tools yield too many false positives.
What’s more, a majority of both audiences surveyed (63 percent commercial and 75 percent of federal organizations) lack the necessary contextual information required to prevent insider threats from happening.
“The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions,” explained Michael Crouse, Forcepoint’s technical director of insider threat solutions. “Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do. This report underscores the enormous gap between organizations’ awareness of the problem and their ability to solve it.”