Regardless of the consequences, nearly half of 820 company employees and executives plan a revenge if they were fired tomorrow. They admitted that they would walk out with proprietary data such as passwords, company databases, R&D plans and financial reports.
The results of ID management provider Cyber-Ark’s sixth annual global “Trust, Security and Passwords Survey” say that 71 percent believe the insider threat is the priority security concern and poses the most significant business risk. Despite growing awareness of the need to better monitor privileged accounts, only 57 percent say they actively do so. The other 43 percent weren’t sure or knew they didn’t. Of those that monitored, more than half said they are able to get around the current controls.
After last year’s publicized attacks on RSA and Global Payments, enterprise executives are rethinking their security strategy. RSA and Global Payments believed that these attacks involved exploited privileged account access.
In a survey report earlier this June, “These privileged accounts are often protected by weak or default passwords, which are seldom replaced. Businesses that are not securing and managing these high-value targets are failing to uphold their responsibility for securing customer and similar sensitive information.”
The survey of mostly IT managers and executives is an indication that this threat will continue to grow. Other findings include that 45 percent said they have access to information on a system that is not relevant to their position. Forty-two percent indicated that a colleague or themselves have used admin passwords to access information that was confidential. Fifty-five percent believe competitors have received their company’s highly sensitive information or intellectual property, which is a significant increase from past years.
The report states that, “Privileged accounts are an organization’s most powerful access points and are the keys to unlocking a company’s most valuable asset, which is its data. With 42 percent of respondents claiming that they, or their colleagues, have used their administrator passwords to access confidential information, the potential for damage is huge of these accounts are not used for legitimate purposes.”
Results of the survey, taken by IT staff and executives in North America, Europe, Middle East and Asia, show that just a little more than a quarter of all respondents believe that current data breach notification laws have done a lot to curb data losses.
“Whether it’s a malicious insider looking to steal information, or an external attacker seeking to exploit privileged accounts to gain access to the network and sensitive information, it’s clear that privileged access points have emerged as the priority target of enterprise cyber-assaults,” said Udi Mokady, found and CEO of Newton, Mass.-based Cyber-Ark. “This pattern has been demonstrated in some of the most high-profile attacks including Global Payments, Utah Department of Health, and even with the recent Flame virus.”