A majority of organizations acknowledge that their employees have misused or abused access to business applications, reveals a new survey.
Conducted by identity and access management (IAM) vendor CyberArk, the survey of 900 enterprise security leaders from around the world, suggests that a lack of security controls and visibility into user activity is one of the leading factors that continues to put businesses at risk.
This resonated with as much as 80% (85% in the UK) of the respondents, who suggested that the lack of visibility gave rise to the risk of insider threats and credential theft.
CyberArk argues that while the adoption of web applications has been beneficial to businesses, most lag in implementing the necessary security controls in order to eradicate the risk of human error, or worst still, malicious intent.
In fact nearly half (48%) of the respondents said they have limited ability to view user logs and audit user activity, which they acknowledge leaves a rather large blind spot in terms of spotting potentially risky behavior in user sessions.
“Today, any user can have a certain level of privileged access, making it ever more important that enterprises add security layers to protect the entire workforce as part of a comprehensive Identity Security strategy and Zero Trust framework,” said Gil Rapaport, general manager, Access Management, CyberArk.
This is even more worrying considering the fact that in 70% of organizations, the average end-user has access to more than ten business applications, many of which contain high-value data.
To that end, the survey finds that the top-three high-value applications that organizations are most concerned with protecting from unauthorized access include IT service management (ITSM) apps such as ServiceNow, cloud computing platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and marketing and sales enablement applications such as Salesforce.
“Ensuring security and usability is key. As more high-value data migrates to the cloud, organizations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption,” suggests Rapaport.