TECH TALK
“Users often insist they need full administrative privileges.”
John Hathaway, Regional Sales Manager, Middle East at BeyondTrust
For years, security experts have outlined best practices for privileged access management (PAM) in an effort to reduce problems associated with the abuse of privileged credentials. Despite this, IT organisations continue to struggle with privileged access management.
To understand why, BeyondTrust recently surveyed nearly 500 IT professionals from around the world with involvement in privileged access management. Because so many attacks start with the misuse of privileged accounts, it is not surprising that respondents rated the following three security measures as extremely important to their efforts:
• Privileged access management (83%)
• Privileged session management (74%)
• Privileged elevation management (74%)
When asked what issues keep them awake at night, respondents most often cited the misuse of personally identifiable information (86%), downtime of computing systems (85%) and loss of intellectual property (80%).
Yet, despite these widespread concerns, Forrester research finds that 80% of data breaches are the result of the abuse or misuse of privileged credentials. The BeyondTrust survey attributes this contradiction, in which so many IT organisations struggle to secure sensitive information despite their high levels of awareness and commitment to PAM, to the ‘Five Deadly Sins of Privileged Access Management’:
1. Apathy: When asked to list the top threats associated with passwords, respondents listed employees sharing passwords with colleagues (79%), employees not changing the default passwords their devices ship with (76%) and using weak passwords like “12345” (75%). Despite knowing better, respondents admitted that many of these same bad practices are common within their organisation. A third of the respondents report that users routinely share passwords with each other, and a fourth report the use of weak passwords. Shockingly, one in five report that many users don’t even change the default passwords.
2. Greed: Users often insist they need full administrative privileges over their devices, and that creates problems for IT. 79% of respondents cite allowing users to run as administrators on their machines as their biggest threat, followed by not having control over applications on users’ machines (68%). Yet, nearly two in five respondents admit it is common for users to run as administrators on their machines. It is no surprise that many respondents say these practices have directly caused downtime of computing systems.
3. Pride: As the saying goes, pride cometh before the fall. One in five respondents say attacks combining privileged access with exploitation of an unpatched vulnerability are common. Simply patching known system vulnerabilities can prevent most of today’s commonly reported attack vectors. Yet, too often, IT does not stay current on its patches.
INTELLIGENTCIO