Intelligent CISO Issue 15 | Page 22

infographic B BeyondTrust’s annual Privileged Access Threat Report highlights that greater privileged access visibility and improved integrations are vital to tackling the modern threat landscape. 22 BeyondTrust, a global leader in privileged access management, has released the 2019 Privileged Access Threat Report. In its fourth edition, the global survey explores the visibility, control and management that IT organisations across the globe – including the UAE and Saudi Arabia – have over employees, contractors and third- party vendors with privileged access to their IT networks. According to the report, 64% believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months and 62% believe they’ve had a breach due to compromised vendor access. Poor security hygiene by employees continues to be a challenge for most organisations. Writing down passwords, for example, was cited as a problem by 60% of organisations, while colleagues telling each other passwords was also an issue for 58% of organisations, a steady increase from 2018’s statistics. The report also highlighted regional differences, with only 28% of Middle East businesses expressing worries about employees downloading data onto a memory stick, while 42% see this as an issue in APAC. Ultimately, 71% of organisations agree that they would be more secure if they restricted employee device access. However, this isn’t usually realistic, let alone conducive to productivity. “Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively but need this access granted in a way that doesn’t compromise security or impede productivity,” commented MOREY HABER, CTO AND CISO OF BEYONDTRUST. “In the face of growing threats, there has never been a greater need to implement organisation-wide strategies and In the face of growing threats, there has never been a greater need to implement organisation- wide strategies and solutions to manage and control privileged access in a way that fits the needs of the user. solutions to manage and control privileged access in a way that fits the needs of the user.” The businesses surveyed reported an average of 182 vendors logging in to their systems every week. At organisations with 5,000+ employees, 23% say they have more than 500 vendors logging in regularly, highlighting the sheer scope of the risk exposure. This year’s report uncovered that trust in vendor access is now lower than trust in employee access, with only one in four (25%) saying they completely trust vendors, in comparison to 37% of employees. This is a stark comparison to last year’s report, where 72% of businesses admitted that they have cultures that are too trusting of third parties. The report also delves into the threats posed by emerging technologies. The risks associated with the Internet of Things (IoT) posed a big concern for the professionals surveyed, with the visibility of logins from IoT devices revealed as the most pressing issue. u Issue 15 | www.intelligentciso.com