Vulnerabilities / Threats //

Insider Threats

12:00 PM
Connect Directly

Organizations Still Give Employees More Access Than They Need

Ponemon study shows that access to proprietary information remains on the rise.

As the enterprise increasingly requires employees to have more access than ever to sensitive and proprietary information, improvements to how well companies enforce access policies and track employee use of files are still slow on the uptake. According to a new study out by Ponemon Institute, the rate at which employee access is expanding outstrips the rate at which least privilege and other policy enforcements are gaining steam. 

Sponsored by Varonis, the study queried over 3,000 employees in US and European organizations, approximately half from line-of-business roles and half from IT roles, to examine practices and attitudes about insider behavior with regard to sensitive data. Trends were also tracked against a similar study from 2014 to see how things have changed in the past two years.

Ponemon showed that the amount of access and use of proprietary information is on the rise --the number of employees who reported their job requires such access increased by 12 points to 88% this year. In the good news category, the percent of end users who report they have access to data they probably shouldn't see has decreased from 71% down to 62%. However, that's still a high number and shows there's still lots of room for improvement.

"This survey raises key points as to why hackers are able to maximize impact — too many employees have too much access, beyond what they need to do their jobs," says Dr. Larry Ponemon, author of the report and chairman and founder of Ponemon Institute. "On top of this, when employees access valuable data and their activity is not tracked or audited, it becomes far too easy for an external hacker or a rogue insider to get away unnoticed."

According to the study, 76% of organizations have experienced the loss or theft of company data over the past two years, a number rising since 2014. About three of four IT practitioners say that either negligent or malicious employees or contractors are the most likely to compromise accounts within their organizations and 55% say that their biggest worry is negligent insiders.

IT practitioners report that only about 29% of organizations fully enforce a least-privilege model of access control. That's up by nine points, but it shows that two-thirds of organizations are still lax with their controls. In fact, over one-quarter of organizations still do not enforce least-privilege at all. Meanwhile, when it comes to keeping on-going tabs on access activity, over half of organizations report that they review access to file shares or other collaborative data stores only annually or not at all. Additionally, a full 35% of organizations do not maintain a searchable record of file system activity.

All of this makes it difficult for companies to quickly detect employees or employee accounts accessing files and emails they're not authorized to see. About 57% of organizations take a week or longer to do so. 


Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
8/12/2016 | 12:57:49 PM
Protect all your Data
As the recent and on-going DNC email breach attests, it is not sufficient for corporations and organizations to secure their sensitive data stored in applications and systems.  Files, emails are now the main target and very few companies today secure them.  This means this trend will go on for a while and a new layer of Identity Governance around unstructured data is about to see tremendous growth.
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.