The insider threat has been a major concern of organizations in both the private and public sector ever since the notorious leak of millions of classified documents by the notorious former defense contractor Edward Snowden. Despite the concern, the insider threat continues to grow and organizations are adding fuel to the fire by unnecessarily handing out privileged user access, according to a new report.
The 2016 Study on the Insecurity of Privileged Users, commissioned by Forcepoint and conducted by the Ponemon Institute, is based on research from 2011, 2014, and 2016. The research findings revealed that most of the 704 IT operations and security managers surveyed believe the risk of privileged user abuse will stay the same or even increase down the road.
Privileged users include “database administrators, network engineers, IT security practitioners and cloud custodians,” according to the report.
“Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do. This report underscores the enormous gap between organizations’ awareness of the problem and their ability to solve it,” said Forcepoint Technical Director of Insider Threat Solutions, Michael Crouse.
Both the commercial and federal respondents overwhelmingly agreed that privileged users believe they are empowered to access all the information they can view, and that many access sensitive or confidential data simply out of curiosity.
The government-specific findings revealed that 51 percent of respondents said organizations are unnecessarily assigning access to individuals that go beyond their role or responsibilities. And yet, despite the serious risk posed by privileged user abuse, only 17 percent said they have a dedicated budget for reducing the insider threat.
Furthermore, although over half of the federal respondents believe their organizations can effectively monitor privileged user activity, three-quarters said security tools do not provide enough contextual information. Sixty-three percent of respondents also said security tools yield a high number of false positives.
Although the report underscored that organizations are aware of privileged access abuse and the need to mitigate insider threats, there is an enormous gap between their awareness of the problem and their ability to solve it. Over half of federal respondents said they are either somewhat or not at all confident in their enterprise-visibility for privileged user access.
“The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions,” said Crouse.