Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

2015 Verizon Data Breach Investigations Report: More End Users as Threats

April 15, 2015

  • Blog
  • Archive

Spring has sprung! Temperatures are finally headed in the right direction! It must be data breach report season again! Verizon released its annual investigations report yesterday full of insights from 2014 security incidents and associated data breaches.

This year’s version offered a new model to calculate data breach costs (which will make reading the next Ponemon report all the more interesting), emphasized the importance of threat intelligence sharing, and offered new insights around before and beyond the breach, in addition to showcasing its nine incident classification patterns. As always, it was an informative and at times entertaining view into information security; although with few “wow” moments in this year’s edition.

I’ll dispense with a full review of the report; there are plenty of great reviews out there, like this one from searchsecurity.com. Instead, I want to talk about a few topics that stood out to me.

Breaches are increasing

The number of confirmed data breaches increased 55% vs. last year to 2,122. These numbers are a subset of overall security incidents, which increased 26% vs. last year to 79,790. (There were quite a few more data inputs and partners involved in the year’s study.)

Breaches resulting from insider misuse are increasing

This year’s data shows that 10.6% of confirmed data breaches resulted from insider misuse, up from 8% in 2013. The percentage of incidents that came from insider misuse was 20.6% up from 18% in 2013.

Breaches involving the end user are increasing, yet sys admins decreasing

This year’s report shows that more incidents involved the end user than ever before. Take a look at a comparison of the data vs. the 2013 data (published in spring 2014). Source: Verizon Data Breach Investigations Reports, 2015 and 2014.

Picture1


A whopping 37.6% of insider abuse incidents involved the end user in 2014, up from 17% last year. On the upside, however, only 1.6% of incidents were attributed to system administrators this year, down from 6% last year.

What to make of the data

While breaches – especially those from insider misuse – are increasing year over year, all of the tools, process and technology put in place to control and manage administrator access to systems and data might actually be delivering on their intended purposes.

But this focus has come at a cost – end users are increasingly emerging as a greater insider threat. Organizations must tackle this challenge immediately. But how?

Achieving control and accountability over privileged user activity

Seeing this year’s Verizon data doesn’t come as much of a surprise. After all, we did a study recently indicating that more than a fourth of companies have no controls over privileged access. How do you strike the balance between securing the organization’s critical data and systems while still enabling end user productivity?

1. Assemble cross-functional teams, avoiding a siloed view of privilege.

2. Deploy policies for controls and enforcement.

3. Prioritize implementation by the consequences of a breach.

4. Start with removing end-user privileges.

5. Address the risk of privileged password misuse.

Look for a comprehensive privileged account management solution that delivers on every privileged account management scenario, minimizes total cost of ownership, provides a fast time to value, and that provides information to make good risk-based decisions beyond just the privilege silo.

If you would like to learn more about BeyondTrust’s approach to privileged account management or get tips on how to get started with your privileged account management project, read this brief white paper or contact us today.

Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.