35% of IT professionals acknowledge that insider threat is biggest risk to networks
The global survey, undertaken in the UK, US, France and Eastern and Central Europe, examines attitudes to insider threats and the misuse of privileged credentials.
From a security analytics perspective, 47% of IT professionals considered the time and location of login the most important user data for spotting malicious activity. This was closely followed by private activities using corporate devices (41%) and biometrics identification characteristics, such as keystroke analytics (31%). IT professionals are recognising the importance of capabilities which can detect the growing threat from insiders and compromised privileged accounts. When asked which security technology they would implement in the next year, regardless of budget, nearly one fifth of security professionals said they plan to use analytics to track privileged user behaviour.
Within the privileged user network, IT professionals listed sysadmins as the biggest threat (42%) followed by c-level executives (16%). Whilst these executives typically have limited IT skills, their credentials are worth more to hackers than any other group. The research also highlighted the most valuable assets for hackers and found that, unsurprisingly, personal employee data is the most valuable data (56%), as this can be easily sold. However, this is closely followed by customer data (50%) and investor and financial information (46%).
“As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organisations – often via hacks involving stolen credentials,” said Csaba Krasznay, Security Evangelist, Balabit. “Today, IT Security professionals’ tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights.”
“Privileged user accounts are perfect targets for intruders and therefore pose the highest risk. IT security professional need to quickly detect any suspicious or abnormal activities in order to prevent data breaches,” Krasznay continued. “The more user activity data that is analysed, the better. Knowing the time and location of login, and which applications and devices are in use is critical, but analysing the users’ keystroke dynamics and mouse movements is the feature that really makes enables security analysts to detect a hijacked account, usually within 20 seconds or 200 characters. And once they receive an alert based on a risk score, they can terminate the session if necessary.
About the survey
Balabit surveyed 222 conference attendees earlier this year at the FIC (Forum International de la Cybersécurité) in France, RSA Conference in San Francisco USA, Infosecurity Europe London and IDC Security Roadshows in CEE. IT executives and IT Security professionals, auditors, CIOs, and CISOs participating in this survey represented organizations including 37 percent IT and Telcos, 15 percent in finance, 13 percent in government, 6 percent in retail, 5 percent in manufacturing, and 3 percent in healthcare, energy and other sectors.
Balabit is a leading provider of Privileged Access Management (PAM) and Log Management solutions that help businesses reduce the risk of data breaches associated with privileged accounts.
Balabit’s integrated PAM solution protects organizations in real-time from threats posed by the misuse of high risk and privileged accounts. Solutions include Privileged Session Manager and Privileged Account Analytics, which together help organizations prevent, detect, and respond to cyber-attacks involving privileged accounts, including both insider threats and external attacks using hi-jacked credentials. Working in conjunction with existing security tools, Balabit Privileged Access Management enables a flexible and people-centric approach to improving security without adding additional constraints to working practices.
Founded in 2000, Balabit has a proven track record, with 25 Fortune 100 customers and more than 1,000,000 corporate users worldwide. The company operates globally with offices across the United States and Europe, together with network of reseller partners.
02038373747 / 02038373765