BeyondTrust Survey Shows That European Companies Don’t Have Privilege Management Under Control”
Excessive admin rights & privilege are putting companies at risk and increasing the ‘insider threat’
LONDON, April 29, 2014 – BeyondTrust, the security industry’s only provider of Context-Aware Security Intelligence, has today announced the results of its European Privilege Gone Wild survey carried out during the first half of April 2014 across the UK and the rest of Europe covering IT, security and network professionals. The survey reveals that employees across the region are granted excessive privileges – such as ‘admin rights’ beyond the requirements of their roles and that as a result, are exacerbating the ‘insider threat’ risk.
“This latest survey shows that the problem of excessive privilege continues to be a major problem and while organisations are aware of the issue, they are still failing to address it,” says Brent Thurrell, VP EMEA and India. “The tools are there to manage privilege – which can be the cause of many unnecessary security vulnerabilities – so organisations are putting themselves at risk unnecessarily. More companies need to start prioritizing privilege management.”
Privilege beyond their needs
Over a third of respondents say that they have access rights not necessary for their current roles. When asked what information could be accessed, 44 per cent cited financial reports, privilege passwords, email server accounts, R&D plans.
On a more positive note, over 60 per cent have controls to monitor privilege access, though just over half believe that either they or colleagues have the ability to circumvent these controls. When asked to rate what kind of information is most of risk, respondents stated 45 per cent of general business information, 34 per cent of customer information and just over 12 per cent of financial information.
Curiosity is putting sensitive and confidential information at risk
Over half of all respondent believe employees are likely or very likely to access sensitive or confidential information out of curiosity. Indeed, over a third of respondents admitting to retrieving information not relevant to their jobs. It is encouraging that over half of all organisations do not allow sensitive data to be stored on employees’ workstations or laptops, but not such good news that over 43 per cent confessed that their organisations do allow this to happen.
Over a third believe that it is likely or very likely that their organisations will assign privilege access rights that go beyond the individuals’ roles and responsibilities, with only 32 per cent saying that this would be unlikely. 45 per cent expect the risks around privilege management to increase within the next few years.
The survey reflects responses from over 100 IT decision makers across Europe, including security managers, and network and systems engineers across a number of industries including financial services, manufacturing, and government. Please see Appendix A for a full breakdown of the results.
BeyondTrust is the only security solution vendor providing Context-Aware Security Intelligence, giving customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting.
BeyondTrust offers consistent policy-driven vulnerability and privilege management, role-based access control, monitoring, logging, auditing and reporting to protect internal assets from the inside out. The company’s products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, mobile and cloud environments.
With more than 25 years of global success, BeyondTrust is the pioneer of both Threat Management and Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world’s 10 largest banks, eight of the world’s 10 largest aerospace and defense firms, and 7 of the 10 largest U.S. pharmaceutical companies, as well as renowned universities across the globe.
Director, International Marketing
P: +44 (0) 8704 586 224
PR consultant, UKt
P: + 44 (0) 7785 280930