Insider and Third-Party Access Top Cyber-Threats
For most enterprises, it's not a question of whether they'll suffer a serious security breach, but when. A global survey by Bomgar, a provider of secure access solutions, found that security professionals recognize the threats posed by employees, contractors and third-party vendors with privileged access to systems and data. Yet the "2017 Secure Access Threat Report" reveals that organizations still allow such access, often without adequate monitoring and controls. Most companies trust their employees and don't expect them to act maliciously. But they do worry that staffers will skirt security practices to speed up productivity, or that a phishing attack might compromise employees' credentials. Meanwhile, risks from third parties are growing as organizations rely on more vendors and outsourcers. The survey highlights the need to better manage privileged access with solutions that prioritize productivity and usability without sacrificing security. Seamless integration into applications and processes already in use is also a must. Sam Elliot, Bomgar's director of security product management, advises: "Grant privileged access based upon the specific needs of employees or vendors to do their job, rather than giving them all-or-nothing access. Also, ensure that you monitor, record and analyze every support session so that you have a record of who is accessing which system, at which time and for what purpose." He advocates security solutions designed for ease of use by users and administrators alike, along with regular reviews of security policies and employee training. The survey covered 608 IT decision-makers in the United States, the United Kingdom, Germany and France.