New research from CyberArk has revealed that more than half (51%) of global IT security professionals believe insider threats are one of the greatest threats to their organisation.
The firm's CyberArk Global Advanced Threat Landscape Report 2018 surveyed over 1,300 IT security decision makers, DevOps and App Developer professionals across seven countries worldwide to better understand the the security threats facing organisations today.
Despite the fact that insider threats are seen as one of the greatest security threats to businesses, over the last two years the number of administrative privileges granted on employee devices has increased significantly. The proportion of employees who have been given local administrative privileges to install new software and change configuration settings on their endpoint devices at work has increased from 62% in 2016 to 87% in 2018.
CyberArk's report also revealed that while two thirds (64%) of respondents recognised that their organisation is susceptible to carefully crafted attacks, there is a lack of knowledge as to exactly how they are exposed. Almost half (49%) agree that they lack knowledge about their organisation's security policies with 15 per cent unsure where the greatest security risks to their organisations lie.
However, 89 per cent of those surveyed recognise that IT infrastructure and critical data are not fully protected unless privileged accounts and their credentials are secured.
CyberArk's Director of Customer Development EMEA David Higgins stressed the fact organisations need IT security leaders who understand the threats facing their business, saying:
“According to a recent report, on average cybercrime drains $11.7 million per business annually - an increase of 62% in the last five years. Organisations therefore need switched-on IT security leaders who understand their organisation’s security practices, how exposed they are to risk and where they are vulnerable. Ignoring the power of privileged accounts and credentials could invite hackers to access critical enterprise assets and force executives to give up their knowledge, and even power, to an unwanted intruder. As always, prevention is better than cure, and if organisations understand how they could be compromised in advance, they can secure business critical accounts and intellectual property more quickly in the event of an attack.”
Image Credit: Andrea Danti / Shutterstock