External cyber security risks to surpass insider threats
57 percent of global C-level executives agree that in the next one-to-three years, external threats such as cyber-criminals will become a greater security risk than insider threats, according to Cyber-Ark
In addition to expanding awareness about the risks associated with cyber espionage or advanced persistent threat (APT)-type attacks, internal threats still represent a security challenge for many organizations today.
Consider that nearly one in five of C-level respondents admitted that cases of insider sabotage had occurred at their workplace. 16 percent believe that competitors may have received highly sensitive information or intellectual property including customer lists, product information and marketing plans from sources within their own organization.
The temptation to snoop remains
With recent high-profile attacks that targeted privileged accounts and passwords, like the RSA Security breach, awareness and a sense of urgency will continue to increase around the need to better monitor and control those powerful accounts.
Specific results from global IT staff surveyed found that one quarter (25 percent) said their use of privileged accounts is still not being monitored.
A survey response that has remained fairly constant over the years is identifying the departments most likely to snoop around the network to look at confidential information. With their broad reach and highly privileged, anonymous access to various networks, systems and applications, nearly half (48 percent) of all global respondents chose the IT department as the most likely to snoop. Respondents said that managers were the next most likely (10 percent) followed by human resources (7 percent).
The following results compare “snooping” habits of IT staff around the world:
- When asked if they had ever accessed information on a system that was not relevant to their role, 28 percent of North American IT staff respondents admitted to snooping, while an even greater number in EMEA, 44 percent, admitted to the same behavior.
- Similarly, 20 percent of North American respondents and 31 percent of EMEA respondents said that they or one of their colleagues had used an administrative password to access information that was otherwise confidential or sensitive.
A new question added to this year’s survey focused on measuring how respondents’ perception of privileged account security has changed in light of data breach notification laws.
According to the results, 77 percent of North American IT staff said their perceptions have changed, while much fewer in EMEA, 24 percent, felt the same way.