Despite prioritizing privileged access management, a majority of enterprises fail to prevent the abuse or misuse of privileged credentials
PHOENIX, AZ--(Marketwired - Sep 20, 2017) - BeyondTrust, the leading cyber-security company dedicated to preventing privilege misuse and stopping unauthorized access, today announced its annual Privileged Access Management survey, which identified the "Five Deadly Sins of Privileged Access Management" and how they prevent organizations from effectively protecting sensitive information.
For years, security experts have outlined best practices for privileged access management (PAM) in an effort to reduce problems associated with the abuse of privileged credentials. Despite this, IT organizations continue to struggle with privileged access management.
To understand why, BeyondTrust recently surveyed nearly 500 IT professionals from around the world with involvement in privileged access management. Because so many attacks start with the misuse of privileged accounts, it is not surprising that respondents rated the following three security measures as somewhat to extremely important to their efforts:
When asked what issues keep them awake at night, respondents most often cited the misuse of personally identifiable information (86%), downtime of computing systems (85%), and loss of intellectual property (80%).
Yet, despite these widespread concerns, Forrester research finds that 80 percent of data breaches are the result of the abuse or misuse of privileged credentials [1]. The BeyondTrust survey finds that the "5 Deadly Sins of Privileged Access Management" explain why so many IT organizations struggle to secure sensitive information despite their high levels of awareness and commitment to PAM:
1. Apathy: When asked to list the top threats associated with passwords, respondents listed employees sharing passwords with colleagues (79%), employees not changing default passwords their devices ship with (76%), and using weak passwords like "12345" (75%). Despite knowing better, respondents admitted that many of these same bad practices are common within their organization. A third of the respondents report users routinely share passwords with each other, and a fourth report the use of weak passwords. Shockingly, one in five report many users don't even change the default passwords!
2. Greed: Users often insist they need full administrative privileges over their devices, and that creates problems for IT. 79% of respondents cite allowing users to run as administrators on their machines as their biggest threat, followed by not having control over applications on users' machines (68%). Yet, nearly two in five respondents admit it is common for users to run as administrators on their machines. It is no surprise that many respondents say these practices have directly caused downtime of computing systems.
3. Pride: As the saying goes, pride cometh before the fall. One in five respondents say attacks combining privileged access with exploitation of an unpatched vulnerability are common. Simply patching known system vulnerabilities can prevent most of today's commonly reported attack vectors. Yet, too often, IT does not stay current on its patches.
4. Ignorance: Two-thirds say managing least privilege for Unix/Linux servers is somewhat to extremely important. One popular option is Sudo. However, just 29 percent say Sudo meets their needs. The most commonly cited problems with Sudo include being time-consuming to use (32%), complexity (31%) and poor version control (29%). Despite this, the typical respondent runs Sudo on 40 workstations and 25 servers.
5. Envy: Enterprises are rushing to embrace cloud computing. Yet, more than a third report that they are not involved in protecting SaaS applications from privileged access abuse.
There are steps any organization can take to address the 5 Deadly Sins of Privileged Access Management:
To learn more about how to implement these recommendations to unify your privileged access policies across on-premise and cloud environments, download the full report from the BeyondTrust web site.
About BeyondTrust
BeyondTrust is a global information security software company that helps organizations prevent cyber attacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.
Follow BeyondTrust
Twitter: http://twitter.com/beyondtrust
Blog: http://beyondtrust.com/blog
LinkedIn: http://www.linkedin.com/companies/beyondtrust
Facebook: http://www.facebook.com/beyondtrust
1 The Forrester Wave™: Privileged Identity Management, Q3 2016. Forrester. Andras Cser. July 8, 2016.
Contact Information:
For BeyondTrust:
Mike Bradshaw
Connect Marketing for BeyondTrust
P: (801) 373-7888