8/9/2016 12:00 PM

Organizations Still Give Employees More Access Than They Need

Ponemon study shows that access to proprietary information remains on the rise.

Even as enterprises require employees to have more access than ever to sensitive and proprietary information, improvements in how well companies enforce access policies and track employee use of files remain slow to arrive. According to a new study out by Ponemon Institute, the rate at which employee access is expanding outstrips the rate at which least privilege and other policy enforcement are gaining ground.

Sponsored by Varonis, the study queried over 3,000 employees in US and European organizations, approximately half from line-of-business roles and half from IT roles, to examine practices and attitudes about insider behavior with regard to sensitive data. Trends were also tracked against a similar study from 2014 to see how things have changed in the past two years.

Ponemon showed that the amount of access to and use of proprietary information is on the rise -- the number of employees who reported their job requires such access increased by 12 points to 88% this year. In the good news category, the percentage of end users who report they have access to data they probably shouldn't see has decreased from 71% to 62%. However, that's still a high number and shows there's still lots of room for improvement.

"This survey raises key points as to why hackers are able to maximize impact — too many employees have too much access, beyond what they need to do their jobs," says Dr. Larry Ponemon, author of the report and chairman and founder of Ponemon Institute. "On top of this, when employees access valuable data and their activity is not tracked or audited, it becomes far too easy for an external hacker or a rogue insider to get away unnoticed."

According to the study, 76% of organizations have experienced the loss or theft of company data over the past two years, a number that has risen since 2014. About three in four IT practitioners say that either negligent or malicious employees or contractors are the most likely to compromise accounts within their organizations, and 55% say that their biggest worry is negligent insiders.

IT practitioners report that only about 29% of organizations fully enforce a least-privilege model of access control. That's up by nine points, but it shows that two-thirds of organizations are still lax with their controls. In fact, over one-quarter of organizations still do not enforce least privilege at all. Meanwhile, when it comes to keeping ongoing tabs on access activity, over half of organizations report that they review access to file shares or other collaborative data stores only annually or not at all. Additionally, a full 35% of organizations do not maintain a searchable record of file system activity.

All of this makes it difficult for companies to quickly detect employees or employee accounts accessing files and emails they're not authorized to see. About 57% of organizations take a week or longer to do so. 
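The two controls the study measures, a searchable record of file activity and a least-privilege entitlement model to reconcile it against, as an added example that is not part of the article or the Ponemon/Varonis study; the roles, users, share paths and audit lines are all constructed, and the pipe-delimited record format is an assumption:

```python
from collections import defaultdict
from datetime import datetime

# Constructed (hypothetical) entitlement model: which role may touch which share tree.
ROLE_SHARES = {"finance": {"/shares/finance"}, "hr": {"/shares/hr"},
               "engineering": {"/shares/eng"}}
USER_ROLES = {"alice": "finance", "bob": "engineering", "carol": "hr",
              "dave": "finance"}

# Constructed file-activity record: timestamp|user|operation|path, one event per line.
AUDIT_LOG = """\
2016-08-01T09:00:00|alice|read|/shares/finance/q2-forecast.xlsx
2016-08-01T09:05:00|bob|read|/shares/eng/design.doc
2016-08-02T14:30:00|bob|read|/shares/hr/salaries.xlsx
2016-08-03T08:10:00|carol|read|/shares/hr/benefits.pdf
2016-08-03T08:12:00|carol|write|/shares/finance/payroll.xlsx
"""

def parse_log(text):
    """Turn the pipe-delimited record into (datetime, user, op, path) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, op, path = line.split("|")
        events.append((datetime.fromisoformat(ts), user, op, path))
    return events

def entitled_shares(user):
    return ROLE_SHARES.get(USER_ROLES.get(user), set())

def is_entitled(user, path):
    # Match on the share root; the trailing "/" keeps /shares/hr2 from matching /shares/hr.
    return any(path.startswith(share + "/") for share in entitled_shares(user))

def find_violations(events):
    """Events outside the user's entitlements: what a least-privilege review should flag."""
    return [e for e in events if not is_entitled(e[1], e[3])]

def detection_lag_days(events, review_iso):
    """Longest a violation sits unnoticed when the record is only read at review_iso."""
    review_time = datetime.fromisoformat(review_iso)
    return max(((review_time - e[0]).days for e in find_violations(events)), default=0)

def unused_entitlements(events):
    """Entitled shares never touched in the window: access the user probably doesn't need."""
    used = defaultdict(set)
    for _, user, _, path in events:
        used[user].update(s for s in entitled_shares(user) if path.startswith(s + "/"))
    return {u: entitled_shares(u) - used[u] for u in USER_ROLES}
```

Calling `find_violations(parse_log(AUDIT_LOG))` flags bob's read of the HR share and carol's write to finance, and `detection_lag_days` shows how a weekly review turns those into a seven-day blind spot.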


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
JulietteRizkallah, 8/12/2016 | 12:57:49 PM
Protect all your Data
As the recent and ongoing DNC email breach attests, it is not sufficient for corporations and organizations to secure their sensitive data stored in applications and systems. Files and emails are now the main target, and very few companies today secure them. This means this trend will go on for a while, and a new layer of Identity Governance around unstructured data is about to see tremendous growth.