Organizations Still Give Employees More Access Than They Need

  /     /     /  
Publicated : 22/11/2024   Category : security


Organizations Still Give Employees More Access Than They Need


Ponemon study shows that access to proprietary information remains on the rise.



As the enterprise increasingly requires employees to have more access than ever to sensitive and proprietary information, improvements to how well companies enforce access policies and track employee use of files are still slow on the uptake. According to a new study out by Ponemon Institute, the rate at which employee access is expanding outstrips the rate at which least privilege and other policy enforcements are gaining steam. 
Sponsored by Varonis,
the study
queried over 3,000 employees in US and European organizations, approximately half from line-of-business roles and half from IT roles, to examine practices and attitudes about insider behavior with regard to sensitive data. Trends were also tracked against a similar study from 2014 to see how things have changed in the past two years.
Ponemon showed that the amount of access and use of proprietary information is on the rise --the number of employees who reported their job requires such access increased by 12 points to 88% this year. In the good news category, the percent of end users who report they have access to data they probably shouldnt see has decreased from 71% down to 62%. However, thats still a high number and shows theres still lots of room for improvement.
This survey raises key points as to why hackers are able to maximize impact — too many employees have too much access, beyond what they need to do their jobs, says Dr. Larry Ponemon, author of the report and chairman and founder of Ponemon Institute. On top of this, when employees access valuable data and their activity is not tracked or audited, it becomes far too easy for an external hacker or a rogue insider to get away unnoticed.
According to the study, 76% of organizations have experienced the loss or theft of company data over the past two years, a number rising since 2014. About three of four IT practitioners say that either negligent or malicious employees or contractors are the most likely to compromise accounts within their organizations and 55% say that their biggest worry is negligent insiders.
IT practitioners report that only about 29% of organizations fully enforce a least-privilege model of access control. Thats up by nine points, but it shows that two-thirds of organizations are still lax with their controls. In fact, over one-quarter of organizations still do not enforce least-privilege at all. Meanwhile, when it comes to keeping on-going tabs on access activity, over half of organizations report that they review access to file shares or other collaborative data stores only annually or not at all. Additionally, a full 35% of organizations do not maintain a searchable record of file system activity.
All of this makes it difficult for companies to quickly detect employees or employee accounts accessing files and emails theyre not authorized to see. About 57% of organizations take a week or longer to do so. 
 
Related Content:
Phishing, Whaling & The Surprising Importance Of Privileged Users
7 Ways To Charm Users Out Of Their Passwords
4 Steps To Achieve MFA Everywhere

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Organizations Still Give Employees More Access Than They Need