Many employees misuse web applications at work, despite the various consequences, a new report from identity security firm CyberArk reveals.
Surveying 900 enterprise security leaders around the world, CyberArk found that 80 percent have identified the misuse or abuse of business applications within the last year.
In 70 percent of organizations, the average end-user can access at least ten business applications, the report states. Many of these apps contain high-value data, such as financial records, customer or patient information, or intellectual property. That makes them a prime target for malicious actors looking to capitalize on employee misbehavior.
When asked which were the top high-value applications the respondents wanted to protect, most cited IT service management apps, cloud consoles, and marketing and sales enablement applications.
To better protect their digital assets, businesses need to increase their visibility into user activity and web application sessions. More than two in five respondents (41 percent) said better visibility into user activity would help them identify the source of a security incident faster.
For many security teams, however, this would require a “significant investment of time”, draining already stretched resources. IT teams are often forced to balance this need with other priorities, such as improving incident response, or enforcing consistent controls across applications.
Today, almost half (48 percent) of organizations have limited ability to view user logs and audit user activity, creating an ideal opportunity for criminals and other malicious actors.