User Monitoring Not Keeping Up With Risk Managers Needs

  /     /     /  
Publicated : 22/11/2024   Category : security


User Monitoring Not Keeping Up With Risk Managers Needs


Biggest concern is negligence, but monitoring capabilities cant detect this type of activity within most applications.



User negligence in handling sensitive data within applications may be a top security concern for IT executives today, but most organizations either dont have or are unsure if they truly have the capability to detect negligent activity within their application portfolio. So says the Ponemon Institute in
a new study
out today on the risks from application access and usage.
Companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity, the report says. However, the proliferation of applications is creating a serious security risk because identifying users risky behavior and non-compliance with policies can be nearly impossible.
Conducted among over 600 IT and IT security practitioners, the survey found that 71 percent of respondents have deficiencies in monitoring application access and usage. About a third of respondents said that monitoring is done by ad hoc or manual systems, and 20 percent reported that they use  homegrown systems that focus primarily on privileged users. Just one in eight use some sort of commercial auditing or monitoring product to keep tabs on application access and usage of typical users.  
As a result, over half of respondents said they have difficulty identifying application user activities that are illegal or inappropriate in real-time, and the same amount say they cant separate application user abuse from outside attacker activity. Nearly 80 percent of respondents admitted they either were unable, or didnt know if they were able, to capture the actions taken by any given application user from login to logout.
According to survey statistics, user negligence leads the IT security concerns posed by user activity, with 44 percent of respondents naming that as their top concern. Respondents reported that 71 percent of user-related breaches caused by negligence came at the hands of application users, compared with 18 percent by privileged users. And yet most investments today in user monitoring revolve around privileged users. The survey showed that 48 percent of organizations have systems to measure and monitor privileged users, but only 8 percent have similar systems for regular application users.  
Historically, companies have identified these types of risks through audits and assessments of application access and usage logs. This manual process is resource intensive, the report said. In addition, each application logs user actions differently and at varying levels of granularity with many applications not producing logs at all. These logs typically contain hundreds or thousands of discrete events in obscure technical language. As a consequence, organizations that rely upon logs from applications and devices find it nearly impossible to determine what a user actually did.

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
User Monitoring Not Keeping Up With Risk Managers Needs