
3/24/2015
12:00 PM
Dark Reading
Products and Releases

BeyondTrust Survey Finds That More Than One Out of Four Organizations Have No Controls Over Privileged Access

Fragmented priorities, total cost of ownership seen as inhibitors of enterprise adoption

PHOENIX, March 24, 2015 – BeyondTrust®, the global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks, today announced the results of its recently conducted survey, Privilege Gone Wild 2. Even though nearly half of the survey respondents admit they have employees with access rights not necessary to their current role, more than one out of four companies indicated they have no controls in place to manage privileged access.

A recent report by a leading industry analyst firm shared that there are five key solution areas for privileged account management (PAM). However, according to the BeyondTrust survey, only 40 percent of respondents have deployed at least some of these capabilities enterprise-wide, with 30 percent having no solutions at all. With the number of threats that are possibly based on excessive privilege rights, such as the ability to steal credentials, the ease of access to sensitive data, and an increase in the harm that can be done by malicious insiders, companies must do a better job at protecting company assets.

Privilege Gone Wild 2 Survey Key Takeaways:

Privileged account management is viewed as a cross-functional need

· Security is driving PAM purchases in 82 percent of the organizations surveyed, and those purchases are influenced by Compliance (57 percent) and IT Operations (42 percent) teams.

· Cross-functional needs make unified reporting critical in 56 percent of the organizations.

The focus on PAM is increasing, but cost is a concern

· Seventy-nine percent of respondents indicated that employees are somewhat likely to very likely to access sensitive or confidential data out of curiosity. Almost 60 percent can circumvent whatever controls are in place.

· Forty-seven percent of the respondents reported that users in their organizations possess elevated privileges not necessary for their roles.

· Thirty percent of the respondents expect to introduce new PAM technology in 2015, with password and server security claiming the top spots on the list of priorities (29 percent and 26 percent, respectively).

· Respondents are concerned about cost, however, indicating that the most expensive PAM solutions available in the market are those from CA, Dell/Quest and CyberArk.

The risk associated with privileged users is also increasing

· Eighty-four percent believe the risk to their organizations from privileged users will increase over the next few years.

· Business information is most at risk (42 percent). This includes corporate intellectual property, source code, design documents, trade secrets, and compliance-related data such as PII.

“Shared passwords” are still a problem

· Over half the respondents indicate that shared passwords are managed “individually.”

· Thirty-four percent of respondents share passwords “locally,” including on spreadsheets, SharePoint, and Active Directory.

Business-critical, tier-1 applications are at risk

· Linux- and UNIX-based systems control some businesses' most critical applications, including ERP, financial, and ecommerce systems.

· In a particular area of concern, 60 percent of organizations have critical tier-1 applications running on UNIX or Linux platforms, but more than 57 percent have few or no tools or processes in place to protect against privilege misuse.

“While several stats in this year’s survey revealed the amount of work that needs to be done in the PAM space, it’s encouraging to see the trend of organizations’ security and IT ops teams’ willingness to work together to better manage the risks associated with excessive privileges,” said Scott Lang, director of privilege strategies, BeyondTrust. “Therefore, we hope this growing partnership will mean a new interest in deploying and maintaining effective PAM solutions and policies.”

Read more findings from Privilege Gone Wild 2.

The survey reflects responses from 728 IT decision makers including security managers, and network and systems engineers across a number of industries including financial services, manufacturing, and government, among others. The statistics in Privilege Gone Wild 2 highlight the gaping holes in PAM implementation strategies, the risk and added pressure on organizations to gain control over privileged account management, and the concern over cost of deployments.

Only through end-to-end privileged account management capabilities delivered across every scenario, analytics that address the needs of operations and security teams alike, and a lower total cost of ownership will organizations close their privileged gaps.

About BeyondTrust
BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks. Corporate and government organizations rely on BeyondTrust solutions to shrink attack surfaces and identify imminent threats.

The company's integrated risk intelligence platform presents a unique competitive advantage in its ability to reveal critical risks hidden within volumes of user and system data. This unifies IT and Security departments, empowering them with the information and control they need to jointly prevent breaches, maintain compliance, and ensure business continuity.

BeyondTrust's Privileged Account Management and Vulnerability Management solutions are trusted by 4,000 customers worldwide, including over 50% of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.

Follow BeyondTrust
Twitter: http://twitter.com/beyondtrust
Blog: http://blog.beyondtrust.com
LinkedIn: http://www.linkedin.com/companies/beyondtrust
Facebook: http://www.facebook.com/beyondtrust

Media Contact:
Anne Trapasso
Voce Communications for BeyondTrust
P: (585) 813-6111
E: [email protected]

 

 
