Less than a third of IT security pros feel confident about identifying insider threats with third-party and employee access their biggest concerns according to Atlanta based identity/access management firm Bomgar's report.

In its “2018 Privileged Access Threat Report,” Bomgar also revealed less than 35% of security and IT professionals feel very confident they have ability to identify threats from employees with privileged access; and 75% have seen the number of vendors with access to their networks increase in the last year, but 33% believe they spend too little time monitoring third-party vendor access.

The global survey explored the visibility, control, and management that IT organizations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks. According to the report 50% of organizations have suffered a serious data breach or expect to do so in the next six months due to third-party and insider threats.

The report found the most trusting sector is financial services, where 46% of organizations said they completely trust insiders and 41% completely trust third-party vendors. These results are higher than in any other sector even though financial services organizations are most likely to have experienced an insider or third-party breach in the last year. Financial services also revealed the most concern of any sector about insider threats moving forward. Firms are either very or fairly concerned about insider credentials used for malicious purposes, whether intentionally (68%) or through phishing (67%).

Matt Dircks, Bomgar CEO, said, “IT administrators and third-party vendors need privileged access to be able to do their jobs effectively, but the number of privileged users is growing exponentially, and access to systems and data is often being granted in an uncontrolled way. In the face of growing threats together with the introduction of the EU GDPR, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access.”

Some two-thirds of organizations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.

A large part of the risk sits with the organizations themselves, as the report found that 73% rely on third-party vendors too heavily, and 72% have cultures too trusting of partners.

The report also found that problematic employee behavior continues to be a challenge for most organizations.

Among the problems cited: Writing down passwords, for 65% of organizations (55% in 2017); and colleagues telling each other passwords for 54% of organizations in 2018 (46% in 2017). The report revealed, indicates that poor password hygiene continues to be a growing issue, or it may be that organizations are more aware of these behaviors due to an increased focus on data protection and privacy.

The report showed some organizations are managing these risks with a privileged identity and access management solution. From the research, these same organizations experienced less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. Forty-four percent of organizations using PAM experienced a serious breach or expect to in the next six months, compared to 69% of those without privileged user control.

The report suggested as the vendor ecosystem grows, and employees gain more trust, organizations need to accept a way to mitigate risks is by managing privileged accounts through technology and automated processes that not only save time, but also provide visibility across the network. Dircks added, “By implementing cybersecurity policies and solutions that also speed business performance, versus putting roadblocks in users' way, organizations can begin to seriously tackle the privileged access problem.”

More than 1,000 key decision makers with visibility over the processes associated with enabling internal users and external parties to connect to their systems completed the survey in February 2018. Those surveyed across the United Kingdom, the United States, Germany and France, were all IT professionals across operations, IT support/helpdesk, IT security, compliance and risk or network/general IT roles from a range of industries, including manufacturing, finance, professional services, retail, healthcare, telecoms and the public sector.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).