Report: 93% of U.S. organizations have experienced employee misuse of web applications
A CyberArk global survey of 900 security decision makers found that 93% of US-based organizations (80% globally) experienced misuse or abuse of application access by their employees over the past 12 months. Typically, security teams limit user permissions in apps to what is needed to get the job done (also known as least privilege). However, some users, such as executives, application owners, and administrators, may be granted elevated privileges, allowing them to perform highly sensitive tasks such as approvals and edits.
Examples of such abuse or misuse might be a business manager trying to obtain confidential sales pipeline data that is beyond the scope of his or her role, a firewall administrator temporarily modifying security rules in a way that inadvertently or deliberately exposes the organization to an outside threat, or a marketer using shared credentials to make unauthorized updates to the organization’s website or social media pages.
Surprisingly, the survey also revealed that nearly half of organizations (48%) have limited visibility and control over how employees actually use web applications and process high-value data. With the typical user having access to more than 10 line-of-business applications, many of which contain high-value data, this lack of visibility puts organizations at increased risk of misuse or access abuse. It also puts security teams in a position where they may be unable to quickly determine if privilege abuse in web applications has occurred.
While much attention is paid to preventing the use of weak or stolen credentials via MFA and SSO, research shows that for certain roles with elevated privileges, there is a need for organizations to monitor and manage end-user activity in applications containing sensitive information.
This data is a wake-up call for organizations. Besides the potential misuse or abuse by users, a common thread in many breaches seen today is that attackers will target privileged credentials once they gain initial access.
Commissioned by CyberArk, this research is based on a census-wide survey of 900 security decision makers and executives at midsize organizations in the US, UK, France, Germany, Australia and Singapore.
Read CyberArk’s full report.