Privileged access concerns

Bomgar’s annual Privileged Access Threat Report highlights that privileged insider and third-party access to an organisations’ network is one of the biggest concerns to IT professionals globally.

Bomgar has launched the 2018 Privileged Access Threat Report. The global survey explores the visibility, control, and management that IT organisations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks. According to the report, formerly called the Secure Access Threat Report, 50% of organisations have suffered a serious data breach or expect to do so in the next six months due to third-party and insider threats.

This year’s report found that external threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organisation’s own network. In fact, 50% of organisations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% of organisations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.

However, a large part of this risk sits with the organisations themselves, as the report found that 73% rely on third-party vendors too heavily, and 72% have cultures that are too trusting of partners. In an age where data breaches have immense financial and reputational implications for businesses, these organisations have far too much faith towards those that operate within their network.

The report also found that problematic employee behaviour continues to be a challenge for a majority of organisations. Writing down passwords, for example, was cited as a problem by 65% of organisations, an increase of 10% over 2017. Colleagues telling each other passwords was also a big problem for 54% of organisations in 2018, rising from 46% in 2017. This rise may indicate that poor password hygiene continues to be a growing issue, or it may be that organisations are more aware of these behaviours due to an increased focus on data protection and privacy. Either way, the numbers indicate that securing credentials and passwords continues to be an issue for security and IT professionals.

“IT administrators and third-party vendors need privileged access to be able to do their jobs effectively, but the number of privileged users is growing exponentially, and access to systems and data is often being granted in an uncontrolled way,” commented Matt Dircks, CEO of Bomgar. “In the face of growing threats, together with the introduction of the EU GDPR, there has never been a greater need to implement organisation-wide strategies and solutions to manage and control privileged access.”


The report did show that some organisations are managing these risks with a privileged identity and access management (PAM) solution. From the research, these same organisations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, less than half (44%) of organisations using PAM experienced a serious breach or expect to in the next 6 months, compared to 69% of those without control of their privileged users.

“As the vendor ecosystem grows, and employees are granted more trust, organisations need to accept that the way to mitigate risks is by managing privileged accounts through technology and automated processes that not only save time, but also provide visibility across the network,” Dircks added. “By implementing cybersecurity policies and solutions that also speed business performance, versus putting roadblocks in users’ way, organisations can begin to seriously tackle the privileged access problem.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Trend Micro has released new research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.
State of Industrial Cybersecurity report reveals only 21% of organizations achieved full maturity for ICS/OT cybersecurity and regularly inform the C-suite and board about OT cyber status.