The majority of IT security executives understand the risk created by misused or stolen credentials, but only a third are confident of their organisation’s ability to detect improper access.
According to a survey of 35,400 executives by Courion, 97 per cent were aware of the risk, but only 29 per cent were confident in their own organisations ability to effectively remediate those access risks.
It found that 72 per cent of respondents were certain that their organisation enforces a “least privilege” policy where employees only have access to what is needed to perform their daily duties, but 43 percent admit their organisation is unaware when access privileges are increased or when access behaviour departs from the norm.
It also found that 76 per cent believed that their organisation knows who has administrative privileges.
“IT security executives are under tremendous pressure to provide open access to stakeholders while at the same time controlling access risks in the face of constant attacks,” said Kurt Johnson, vice president of corporate strategy at Courion.
“Beyond perimeter defence, effective identity and access management is the answer to minimising the likelihood or impact of a data breach, and IAM is made much easier with the diagnostic capabilities of identity analytics and intelligence.”17