Employees Still Get More Access Than They Need

Two surveys show how little enterprises enforce and track least-privilege policies.

Two new surveys out today show how easy enterprises make it for attackers to steal vast quantities of data with just a few successful breaches of employee machines: Employees typically are given far more access to sensitive data than they need to get their jobs done, and enterprises don't do enough to track access behavior.

That failure to enact the very fundamental security principle of auditable least-privilege only increases the risk profile of the employer.

The first report comes by way of the Ponemon Institute, which queried more than 1,000 end-users and 1,000 IT professionals about access patterns, on behalf of Varonis. It showed that among the 1,100 users surveyed, over 70 percent report that they have access to company data they shouldn't be able to see. And of those, more than half report that they use that access frequently. At the same time, among the IT professionals surveyed by Ponemon, four out of five of them report that their organizations don't enforce strict least-privilege data models.

Another survey, conducted by Courion among 35,000 IT executives, found respondents initially somewhat more optimistic about their enterprises' least-privilege practices. Just over 70 percent reported that they thought their organizations enforced least-privilege policies. However, on further questioning, approximately 43 percent said that their organizations are unaware when access privileges are increased or when access behavior is anomalous.

The difficulty with offering too much access and failing to audit access behavior is twofold. Not only are there the natural worries of insider threats, but there is also the even more plausible concern about account privileges being misappropriated by outside attackers.

"This research surfaces an important factor that is often overlooked: Employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences," says Larry Ponemon, chairman and founder of The Ponemon Institute.

According to the Courion survey, 97 percent of IT pros say that misused or stolen access credentials provide the network entry point for hackers. And just under a third of them say they're confident that their organizations are able to detect improper access.

When organizations lack the capability to limit or audit access granularly, they tend to default toward more open access models so as not to impede productivity. However, the more access that is provided, the higher the likelihood that a small breach of an employee machine will escalate into a network-wide breach of sensitive data stores. Many enterprises find it difficult to strike a decent balance between strong identity and access management (IAM) and user work efficiency, says Kurt Jonson, vice president of corporate strategy for Courion.

"IT security executives are under tremendous pressure to provide open access to stakeholders while at the same time controlling access risks in the face of constant attacks," he says. "Beyond perimeter defense, effective identity and access management is the answer to minimizing the likelihood or impact of a data breach, and IAM is made much easier with the diagnostic capabilities of identity analytics and intelligence."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

12/10/2014 | 8:27:18 AM
Ghosts of the past return to haunt
Our biggest causes of least-privilege policy failures have been:
  • Situations where people were positioned in roles that provided specific access, then gained another role, and then at some point they were removed from the first role without notifying our IT access provisioning team.
  • Manpower drawdowns where an office reduces to only a small percentage of the original staff. This has the effect of expanding accesses for those who remain AND impacts situations where separation of duties is a factor.

We are working on cleaning up processes around the first item, but the second item is a different kettle of fish.