The question is why organizations continue to have limited visibility into user activity and access privileges.
In a survey of 900 security decision makers and leaders at medium to enterprise-sized organizations in the USA, the UK, France, Germany, Australia and Singapore, 80% of responding organizations had experienced employees misusing or abusing access to business applications in the past year.
Also, 48% of them had a limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behavior in user sessions.
Other findings of the survey include:
- 70% of respondents indicated that the average end-user had access to more than 10 business applications, many of which contain high-value data.
- The top-three high-value applications that organizations were most concerned with protecting against unauthorized access were IT service management apps, cloud consoles and marketing and sales enablement applications.
- 54% of organizations in the survey investigated user activity stemming from security incidents or compliance at least weeklyversus 34% percent of organizations that investigated monthly.
- 44% of organizations in the survey indicated that they needed to enable the same security controls across all applications amid disparate built-in application controls.
- 41% of respondents indicated that better visibility into user activity would enable them to identify the source of a security incident more quickly.
- For many security teams in the survey, investigation into questionable user activity represented a significant investment of time and drag on thin resources, and had to be balanced with other priorities such as improving incident response and enforcing consistent controls across applications to reduce threat of credential theft.
The research by CyberArk highlight a common lag in implementing the security controls necessary to mitigate risk of human error or malicious intent. Many security and compliance teams have limited resources, visibility and control over how confidential data is being handled, or what is being done during a user session.
Organizations can record and protect user web application sessions by:
- Recording and searching every click and data change made within a protected app while maintaining a frictionless user experience
- Implementing continuous monitoring and re-authentication, such as when a user steps away from a device during a session, reducing risk of abuse
- Protect web sessions from threats originating on the endpoint and restrict data exfiltration actions, such as copying of data and file downloads
According to the firm’s General Manager (Access Management), Gil Rapaport: “As more high-value data migrates to the Cloud, organizations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption. Today, any user can have a certain level of privileged access, making it ever more important that enterprises add security layers to protect the entire workforce as part of a comprehensive Identity Security strategy and Zero Trust framework.”