The global survey explores the visibility, control, and management that IT organizations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks.
According to the report, formerly called the Secure Access Threat Report:
- 50% of organizations have suffered a serious data breach or expect to do so in the next six months due to third-party and insider threats.
- Privileged insider and third-party access to an organization’s network is one of the biggest concerns for IT professionals globally.
- Fewer than 35% of security and IT professionals feel very confident that they have the ability to identify threats from employees with privileged access.
- 75% have seen the number of vendors with access to their networks increase in the last year, but 33% believe they spend too little time monitoring third-party vendor access.
This year’s report found that external threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% of organizations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.
However, a large part of this risk sits with the organizations themselves, as the report found that 73% rely on third-party vendors too heavily, and 72% have cultures that are too trusting of partners. In an age where data breaches have immense financial and reputational implications for businesses, these organizations have far too much faith in those that operate within their network.
The report also found that problematic employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, was cited as a problem by 65% of organizations, an increase of 10% over 2017. Colleagues telling each other passwords was also a big problem for 54% of organizations in 2018, rising from 46% in 2017. This rise may indicate that poor password hygiene continues to be a growing issue, or it may be that organizations are more aware of these behaviors due to an increased focus on data protection and privacy. Either way, the numbers indicate that securing credentials and passwords continues to be an issue for security and IT professionals.
“IT administrators and third-party vendors need privileged access to be able to do their jobs effectively, but the number of privileged users is growing exponentially, and access to systems and data is often being granted in an uncontrolled way,” commented Matt Dircks, CEO of Bomgar. “In the face of growing threats together with the introduction of the EU GDPR, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access.”
The report did show that some organizations are managing these risks with a privileged identity and access management (PAM) solution. From the research, these same organizations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, less than half (44%) of organizations using PAM experienced a serious breach or expect to in the next 6 months, compared to 69% of those without control of their privileged users.
“As the vendor ecosystem grows, and employees are granted more trust, organizations need to accept that the way to mitigate risks is by managing privileged accounts through technology and automated processes that not only save time, but also provide visibility across the network,” Dircks added. “By implementing cybersecurity policies and solutions that also speed business performance, versus putting roadblocks in users’ way, organizations can begin to seriously tackle the privileged access problem.”
1021 key decision makers with visibility over the processes associated with enabling internal users and external parties to connect to their systems completed a survey in February 2018. Those surveyed were all IT professionals across operations, IT support/helpdesk, IT security, compliance and risk or network/general IT roles. Respondents were from a range of industries, including manufacturing, finance, professional services, retail, healthcare, telecoms and the public sector. The survey was conducted across the United Kingdom, the United States, Germany and France.
The Privileged Access Threat Report was released this week at RSA Conference in San Francisco where Bomgar is exhibiting in booth 2331. The report is available for download at https://www.bomgar.com/resources/whitepapers/privileged-access-threat-report.
Bomgar’s secure access solutions enable customers to easily support people, access and protect endpoints, and defend privileged credentials, in order to fight cyber threats and speed business performance. More than 13,000 organizations around the globe use Bomgar to deliver superior support services and reduce threats to valuable data and systems. Bomgar clients include some of the world’s leading IT outsourcers, systems integrators, software vendors, healthcare organizations, government agencies, universities, financial institutions, and retailers. Bomgar is privately held with offices in Atlanta, Austin, Jackson, Los Angeles, Washington D.C., Frankfurt, London, Paris, and Singapore. Connect with Bomgar at www.bomgar.com