Employees ruling the roost in system security


Employees ruling the roost in system security

Steve Bell

Over half of the UK’s IT and security professionals have no idea what employees are up to on endpoint devices, claims a survey from the Ponemon Instititute and Avecto, a security firm.

The survey, Cyber Strategies for Endpoint Defense 2014 says from 500 surveyed IT professionals 55% had zero or low visibility on employee behavior, application access and software downloads.

The study also revealed that some ‘power users’ have excessive access to IT infrastructures with an average of 31% of staff reportedly having administrator privileges. It claims this leaves organizations potentially exposed to insider threats and malware and targeted attacks. 

Apparently 42% of respondents said that that the number of staff with admin privileges has increased from last year due to growing demand from employees.

Alarmingly, almost a quarter of respondents cannot determine the number of IT users with admin privileges, despite 34% of total security time being spent on managing user profiles.

The reports says that the findings depict IT departments without adequate power and control over their users with only 5% claiming to be ready to deal with targeted cyber-attacks.

Paul Kenyon, co-founder and EVP of Avecto said: “The lack of visibility that IT security professionals have in terms of user behavior and admin rights, combined with more sophisticated attack vectors, is making securing and managing the endpoint a growing challenge. As a result, this is opening up a huge variety of internal and external vulnerabilities.

“As businesses move to Windows 7/8 in the wake of XP support expiration, they are finding new challenges in the way they have previously managed endpoint security. It is now more important than ever that organisations invest in the security measures they need to protect themselves.”

Larry Ponemon, chairman and founder of the Ponemon Institute said: "Organisations must deploy a layered approach to endpoint security or they will risk opening their systems up to vulnerability from multiple threat sources. The new age of cyber-attacks requires modern defenses and companies must act quickly."

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.