Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

73 Percent of IT Security Professionals Have Still Not Prioritized Uncontrolled Privileged Access

April 23, 2014

  • Blog
  • Archive

Survey reveals lack of attention to user privileges, despite major security concerns and continued growing threats caused by users and IT admins.

The NSA's notorious insider breach has caused 52 percent of IT security professionals to reconsider their approach to user and systems administrator privileges, yet the majority aren't taking action, according to a survey released today by Avecto. Its findings reveal that organizations continue to lag when it comes to controlling the use of administrator rights in their IT environment.

Conducted at the McAfee FOCUS 2013 conference in October, the survey comprises responses from 348 decision-making information security professionals. While the majority of respondents said the recent Edward Snowden affair has heightened concerns around IT admins with excess privileges, 73 percent admitted that their organizations' privilege management policies remain unchanged.

Though 33 percent of respondents cited rogue employees as the most important security threat to their organization, 40 percent of respondents pointed to malware as the key vulnerability. This further demonstrates why organizations must prioritize their policies around administrative rights, given that users with excess privileges are more likely to introduce malware via unauthorized downloads or system tweaks.

Other notable findings include:

  • For organizations that have reduced the number of administrator rights in their IT environment, malware mitigation was the key driver for 33 percent of them, followed by external compliance (14 percent), internal compliance (11 percent) and insider threat (11 percent).
  • More than 50 percent of respondents claimed that their system administrators posed moderate to high risk to the network, yet only 20 percent are aware of how many server administrators in their organization are currently running with administrator rights.
  • 45 percent of respondents have experienced server outages due to configuration errors by server administrators.

"Media attention around the NSA's high-profile breach has created a significant turning point in how organizations think about security, with the IT function now increasingly aware of how attacks can stem from users and system admins with excess privileges," said Mark Austin, CEO at Avecto. "But awareness alone is not enough for network protection. Closing the disparity between those who realize the risks and those who are actively mitigating them is essential if organizations are to effectively defend against cybercrime, especially in today's advanced threat landscape."

Austin continues, "Enterprises are finding that the principle of least privilege, which leverages targeted privilege elevation and grants users standard accounts rather than administrator ones, can enable tighter security around excessive rights, without restricting employees from efficiently carrying out their day-to-day tasks."

Update: Privilege Guard is now Defendpoint

Privilege Guard has now evolved into the new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.

Kevin Franks

Marketing Communications Manager

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.