BeyondTrust has announced the results of its European Privilege Gone Wild survey carried out during the first half of April 2014 across the UK and the rest of Europe covering IT, security and network professionals. The survey reveals that employees across the region are granted excessive privileges – such as ‘admin rights’ beyond the requirements of their roles and that as a result, are exacerbating the ‘insider threat’ risk.
“This latest survey shows that the problem of excessive privilege continues to be a major problem and while organisations are aware of the issue, they are still failing to address it,” says Brent Thurrell, VP EMEA and India. “The tools are there to manage privilege – which can be the cause of many unnecessary security vulnerabilities – so organisations are putting themselves at risk unnecessarily. More companies need to start prioritizing privilege management.”
Privilege beyond their needs
Over a third of respondents say that they have access rights not necessary for their current roles. When asked what information could be accessed, 44 per cent cited financial reports, privilege passwords, email server accounts, R&D plans.
On a more positive note, over 60 per cent have controls to monitor privilege access, though just over half believe that either they or colleagues have the ability to circumvent these controls. When asked to rate what kind of information is most of risk, respondents stated 45 per cent of general business information, 34 per cent of customer information and just over 12 per cent of financial information.
Curiosity is putting sensitive and confidential information at risk
Over half of all respondent believe employees are likely or very likely to access sensitive or confidential information out of curiosity. Indeed, over a third of respondents admitting to retrieving information not relevant to their jobs. It is encouraging that over half of all organisations do not allow sensitive data to be stored on employees’ workstations or laptops, but not such good news that over 43 per cent confessed that their organisations do allow this to happen.
Future indications
Over a third believe that it is likely or very likely that their organisations will assign privilege access rights that go beyond the individuals’ roles and responsibilities, with only 32 per cent saying that this would be unlikely. 45 per cent expect the risks around privilege management to increase within the next few years.
Survey information
The survey reflects responses from over 100 IT decision makers across Europe, including security managers, and network and systems engineers across a number of industries including financial services, manufacturing, and government. Please see Appendix A for a full breakdown of the results.