European companies don’t have privilege management under control

Over a third of respondents in the survey said that they have access rights not necessary for their current roles

 European companies don’t have privilege management under control

Security provider BeyondTrust has today announced the results of its European Privilege Gone Wild survey carried out during the first half of April 2014 across the UK and the rest of Europe covering IT, security and network professionals.

The survey reveals that employees across the region are granted excessive privileges – such as ‘admin rights’ beyond the requirements of their roles and that as a result, are exacerbating the ‘insider threat’ risk.

'This latest survey shows that the problem of excessive privilege continues to be a major problem and while organisations are aware of the issue, they are still failing to address it,' says Brent Thurrell, VP EMEA and India.  

> See also: Ovum reveals growing risk of data breach from insider threats

'The tools are there to manage privilege – which can be the cause of many unnecessary security vulnerabilities – so organisations are putting themselves at risk unnecessarily.  More companies need to start prioritizing privilege management.'

Privilege beyond their needs

Over a third of respondents say that they have access rights not necessary for their current roles.  When asked what information could be accessed, 44% cited financial reports, privilege passwords, email server accounts, R&D plans.

On a more positive note, over 60% have controls to monitor privilege access, though just over half believe that either they or colleagues have the ability to circumvent these controls.  

When asked to rate what kind of information is most of risk, respondents stated 45 per cent of general business information, 34 per cent of customer information and just over 12% of financial information. 

Curiosity is putting sensitive and confidential information at risk

Over half of all respondent believe employees are likely or very likely to access sensitive or confidential information out of curiosity. Indeed, over a third of respondents admitting to retrieving information not relevant to their jobs. 

It is encouraging that over half of all organisations do not allow sensitive data to be stored on employees’ workstations or laptops, but not such good news that over 43% confessed that their organisations do allow this to happen. 

> See also: Over 1,190 internal security breaches occur in UK businesses every day

Future indications

Over a third believe that it is likely or very likely that their organisations will assign privilege access rights that go beyond the individuals’ roles and responsibilities, with only 32% saying that this would be unlikely. 45% expect the risks around privilege management to increase within the next few years.

Comments (0)