Lack of visibility into user activity increase risk of credential theft and insider threats - CyberArk
Organisations with limited visibility into user activity and web application sessions are courting risks such as credential theft and insider threats, according to a recent survey from CyberArk.
A survey of 900 medium-to-enterprise organisations in Australia, Singapore, France, Germany, the United Kingdom and the United States found that globally, 80% have experienced situations where employees have either misused or abused their access to business applications. In Singapore, 83% of organisations had experienced the same, followed by 77% of organisations in Australia.
The figure is concerning, particularly as end users have access to more than 10 business applications that often hold high-value company data. The applications of most concern include IT service management apps, cloud consoles, and marketing and sales enablement applications.
Almost half (48%) globally say their visibility into user logs and user activity is limited, which creates ‘blind spots’ for potentially risky behaviour. Despite this, security teams within organisations believe that investigating risky user activity takes a lot of time with few resources, particularly when they have other things to focus on areas such as incident response.
Despite this lack of visibility, more than half (54%) investigate risky behaviour weekly, and 34% investigate monthly. Additionally, 44% want to see the same security controls across all applications, and 41% say better visibility would speed up their response to security incidents.
According to CyberArk access management general manager Gil Rapaport, it is important to ensure both security and usability.
“As more high-value data migrates to the cloud, organisations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption.
“Today, any user can have a certain level of privileged access, making it ever more important that enterprises add security layers to protect the entire workforce as part of a comprehensive Identity Security strategy and Zero Trust framework.”
- Australian organisations are the least proactive globally when it comes to investigating and reporting security incidents and compliance. Just 28% of organisations report weekly and 22% reporting even less frequently – quarterly
- In the past year, 73% of Australian organisations encountered a situation where an employee misused or abused access to business apps, slightly less than the global rate of 80%.
- In the past year, more than 83% of Singapore organisations encountered a situation where an employee misused or abused access to business apps
- At 75% of Singapore organisations, the typical user has access to more than 10 business applications, many of which have high-value data
- Overall, 56% of organisations surveyed said they have limited ability to view user logs and audit user activity.