The NSA’s notorious insider breach has caused 52 percent of IT security professionals to reconsider their approach to user and systems administrator privileges, yet the majority aren’t taking action, according to Avecto. Its findings reveal that organizations continue to lag when it comes to controlling the use of administrator rights in their IT environment.
Conducted at the McAfee FOCUS 2013 conference in October, the survey comprises responses from 348 decision-making information security professionals. While the majority of respondents said the recent Edward Snowden affair has heightened concerns around IT admins with excess privileges, 73 percent admitted that their organizations’ privilege management policies remain unchanged.
Though 33 percent of respondents cited rogue employees as the most important security threat to their organization, 40 percent of respondents pointed to malware as the key vulnerability. This further demonstrates why organizations must prioritize their policies around administrative rights, given that users with excess privileges are more likely to introduce malware via unauthorized downloads or system tweaks.
Other notable findings include:
- For organizations that have reduced the number of administrator rights in their IT environment, malware mitigation was the key driver for 33 percent of them, followed by external compliance (14 percent), internal compliance (11 percent) and insider threat (11 percent).
- More than 50 percent of respondents claimed that their system administrators pose a moderate to high risk to the network, yet only 20 percent are aware of how many server administrators in their organization are currently running with administrator rights.
- 45 percent of respondents have experienced server outages due to configuration errors by server administrators.
“Media attention around the NSA’s high-profile breach has created a significant turning point in how organizations think about security, with the IT function now increasingly aware of how attacks can stem from users and system admins with excess privileges,” said Mark Austin, CEO at Avecto. “But awareness alone is not enough for network protection. Closing the disparity between those who realize the risks and those who are actively mitigating them is essential if organizations are to effectively defend against cybercrime, especially in today’s advanced threat landscape.”
Austin continues, “Enterprises are finding that the principle of least privilege, which leverages targeted privilege elevation and grants users standard accounts rather than administrator ones, can enable tighter security around excessive rights, without restricting employees from efficiently carrying out their day-to-day tasks.”