By Ericka Chickowski
Two surveys show how little enterprises enforce and track least-privilege policies.
Two new surveys out today show how easy enterprises make it for attackers to steal vast quantities of data with just a few successful breaches of employee machines: Employees typically are given far more access to sensitive data than they need to get their jobs done, and enterprises don't do enough to track access behavior.
That failure to enact the very fundamental security principle of auditable least-privilege only increases the risk profile of the employer.
The first report comes by way of the Ponemon Institute, which queried more than 1,000 end-users and 1,000 IT professionals about access patterns, on behalf of Varonis. It showed that among the 1,100 users surveyed, over 70 percent report that they have access to company data they shouldn't be able to see. And of those, more than half report that they use that access frequently. At the same time, among the IT professionals surveyed by Ponemon, four out of five of them report that their organizations don't enforce strict least-privilege data models.
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.