Organizations have heightened their awareness of insider security threats, but still struggle with how to mitigate the risk of the “human factor” and protect information assets, a new report, "Privileged User Abuse & The Insider Threat," reveals.
Privileged users have always posed a threat to companies, whether they expose information inadvertently or with malicious intent. But, in the aftermath of Edward Snowden's revelations and Wikileaks, “awareness is high — 88 percent recognize insider threats are cause for alarm,” believing that the risk of privileged user abuse will grow or remain the same in the next two years, Michael Crouse, director of insider threat strategies at Raytheon, the company that commissioned the study from the Ponemon Institute, told SCMagazine.com.
But, he added, 69 percent don't have tools that provide contextual information or the ones they do have generate too many false positives.
The findings come from a survey of 693 respondents qualified as privileged by their level of access to the IT networks, enterprise systems, applications and information assets in their organizations. Of those respondents, 75 percent said they required privileged status to do their jobs, the other 25 percent said they didn't, but had it anyway for two main reasons — 38 percent said coworkers at their level had access for no particular reason and their organizations didn't revoke access when their roles changed within the company.
That reflects a common problem revealed in the survey. Organizations simply don't have policies for assigning privileged user access, according to 49 percent of the respondents. Although, there has been an uptick — from 31 percent in 2011, the first year Ponemon published this report, to 35 percent in 2014 — in the number of organizations that have well-defined policies in place, centrally controlled by corporate IT.
That's a situation that organizations must remedy soon, considering that 55 percent of the respondents said that curiosity, not job necessity, drove them to access information and 73 percent believe they have the authority, feel empowered, to access data.
“What they do with information is where the rubber meets the road,” Crouse said. “Companies need to bolster guidelines for what people are doing with it."