Privileged access management (PAM) solution provider Bomgar released the results of their global 2018 Privileged Access Threat Report. Interestingly enough, the report is more concerned with insider threats and third-party access than with privileged accounts, although there is certainly some overlap between the two.
That isn’t to say that Bomgar does explore the visibility and management issues inherent to privileged access. The report found that only 35% of enterprises have total visibility of which users actually have privileged accounts within their IT environments. 37% of businesses utilize reporting on privileged access account activity and only 34% can identify specific threats stemming from their privileged access users. Of enterprises that have suffered, or expect to soon suffer, a data breach 69% said they have no control over their privileged accounts and 53% said they manually control those credentials and accounts—a significant time commitment.
Collective anxieties abound concerning how privileged account credentials and accounts are handled by their users. 60% of enterprises are concerned about the intentional malicious use of privileged credentials, 62% of those credentials being stolen via phishing. 57% say that employees writing down their credentials is a continual security problem, and 50% are worried about employees sharing their credentials amongst themselves.
Bomgar’s findings concerning third-party threat actors and insider threats were also compelling and surprising. 62% of businesses state that its possible or certain they suffered a data breach as a result of an insider threat, and 66% said the same as the result of a third party vendor. Yet 71% of enterprises reported an increase in third-party vendor integration of 20% or more.
The issue with privileged access boils down to visibility. Without a suitable PAM solution, rogue or orphaned privileged accounts will proliferate and reckless credential behavior will persist putting your enterprise’s data and reputation at risk.
You can download the Bomgar 2018 Privileged Access Threat Report here.
Latest posts by Ben Canner (see all)
- What Can Authentication and Continuous Authentication Protect Against? - June 2, 2020
- Thycotic Announces Acquisition of Onion ID - June 2, 2020
- By the Numbers: Enterprise Identity Security 2020 - May 29, 2020