Rogue employees, malware exploits and unauthorized software
Posted on 07 June 2013.
While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations increasingly vulnerable to malware exploits and unauthorized software, according to Avecto.


The study, conducted at Infosecurity Europe in London, UK, surveyed more than 500 decision-making information security professionals. It reveals the extent to which organizations allow employees full control over their desktops, without implementing adequate controls to defend against accidental or deliberate misuse of privileges.

While 41 percent of those surveyed cite rogue employees as the biggest threat to their organization, over 30 percent of respondents admit to having no policy in place for managing administrator access. This is particularly problematic, considering the rise in security incidents caused by rogue employees with administrator rights, such as damaging data leakage and reputational risk.

Another 31 percent of respondents report malware exploits and targeted cyber-attacks as their top security threats, with an additional 8 percent deeming unauthorized software as an organizational danger. These concerns are exacerbated by statistics showing users with administrator rights are more likely to cause a network infection as a result of unauthorized applications being downloaded and introduced onto corporate systems.

In addition to malware threats, this can also lead to software licensing and compliance issues. With the trend of increasingly sophisticated malware and advanced persistent threats that target privileged accounts, organizations who fail to remove administrator rights are particularly vulnerable to attack.

“In today’s increasingly-complex threat landscape, organizations are quickly learning that employees don’t have to be malicious to put a company at risk. The most common threat comes from employees who download and install unauthorized software, without understanding the potential risks associated with their actions,” said Mark Austin, co-founder and CEO of Avecto. “The best protection against this unauthorized activity is addressing a major pain point – users with excessive privileges. By granting privileges to applications, instead of users, companies can empower users to perform their role and vastly increase the security posture of the endpoints.”

Austin continues, “Users logging on with full administrator rights will continue to put organizations at real risk of infection, as the sophistication of malware and targeted attacks continues to evolve. Unfortunately, organizations are still allowing administrator rights to go unmanaged, whether knowingly or unwittingly. This is a significant problem, particularly as the current crop of anti-malware software is repeatedly proving to be deficient in the fight against cybercrime.”





Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //