News Stay informed about the latest enterprise technology news and product updates.

Enterprises fear insiders, but lack privileged user controls

A new survey finds that, despite the huge looming threat of malicious insiders, many enterprises fail to implement proper privileged user controls.

Prompted by the intense news coverage surrounding former NSA contractor Edward Snowden and the WikiLeaks website, enterprises are as concerned as ever about the threat of insiders leaking sensitive information. Despite that concern, newly released survey results indicate that many organizations lack fundamental controls for limiting and monitoring the activity of privileged users, a key step in mitigating the insider threat.

For its newly released report, "Privileged User Abuse and the Insider Threat," the Ponemon Institute surveyed nearly 700 users with in-depth knowledge of how their respective organizations manage privileged users. Out of those respondents, 88% signaled that they expect the risk stemming from privileged users to stay the same or grow in the coming years.

Dig Deeper on Security Awareness Training and Internal Threats-Information

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What steps has your organization taken to monitor and control the activities of privileged users?
I can think of two ideas that could help.  One is two factor authentication, which can be used to trace the identity of who actually performs certain actions.  Another might be forcing API and privileged functions to require escalated privilege notification to draw such operations to the attention of whoever monitors a given software.
Our organization have started using CyberArk PIM Solution.
Insiders are often said to be the biggest problem in enterprises, but how much of this is the result of deliberate maliciousness, as opposed to deliberate lack of companies to train their employees in techniques and strategies to better handle their privileges, avoid being put in a compromising situation, and to steer clear of easily noticeable phishing scams.