According to the results of a recent survey of 704 IT operations and security managers, 66 percent of respondents believe privileged users access sensitive or confidential data simply out of curiosity, and 74 percent think privileged users believe they're empowered to access all the information they can view.
Still, the survey, commissioned by Forcepoint and conducted by the Ponemon Institute, also found that just 43 percent of commercial organizations and 51 percent of federal organizations currently have the capability to monitor privileged user activity, and a majority of respondents said just 10 percent or less of their budget is dedicated to addressing the issue.
Only 18 percent of respondents are very confident that they have enterprise-wide visibility for privileged user access, and 46 percent believe malicious insiders would use social engineering to obtain privileged user access rights.
The survey also found that 58 percent of respondents believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities, and 91 percent predict that the risk of insider threats will continue to grow or stay the same.
"The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions," Forcepoint technical director of insider threat solutions Michael Crouse said in a statement. "Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do."
A separate Mimecast survey of 600 IT security managers found that 90 percent of respondents called malicious insiders a major threat to their organizations' security, and 45 percent said they're ill-equipped to cope with insider threats.
Fifty-three percent of respondents to the Mimecast survey view malicious insiders as a moderate or high threat to their organizations, and one in seven view malicious insiders as their number one threat.
In response, Mimecast suggests taking the following five steps to safeguard against malicious insiders:
- Assign role-based permissions to administrators to better control access to key systems and limit the ability of a malicious insider to act.
- Implement internal safeguards and data exfiltration control to detect and mitigate the risk of malicious insiders when they do strike, to cut off their ability to send confidential data outside the network.
- Offer creative employee security training programs that deter potential malicious insiders in the first place and help others to spot the signs so they can report inappropriate activity to their managers. Then back that up with effective processes to police and act swiftly in the event of an attack.
- Nurture a culture of communication within teams to help employees watch out for each other and step in when someone seems like they've become disenchanted or are at risk of turning against the company.
- Train your organization's leadership to communicate with employees to ensure open communication and awareness.
"Organizations of all sizes struggle with the risks that are posed by employees being targeted by adversaries to launch and execute attacks to gain access to data or funds," Mimecast CEO Peter Bauer said in a statement.
"Every day, we trust employees with sensitive information and powerful tools, but we don't give them the effective security education and advanced cloud security solutions that go hand-in-hand with those responsibilities," Bauer added.
Photo courtesy of Shutterstock.