Europeans Warned Of Security Threat From Privileged Users

Privileged users are often the weak link in the corporate security chain, despite their trusted positions, European companies were warned at the RSA security conference in London this week.

A survey of 270 medium and large European organisations, conducted by research company Quocirca on behalf of IT management specialists CA, found that organisations remain unaware of the risks posed by privileged users such as IT managers or senior management, due to poor management, inefficient manual processes and lack of awareness.

Somewhat alarmingly, 41 percent of supposedly ISO27001-compliant organisations admitted to non-compliant practices such as sharing privileged user accounts. And despite the availability of privileged user management (PUM) systems, only 26 percent of European organisations surveyed have actually deployed them in full.

“While such access (privileged access) is necessary, it is most commonly managed on an ad hoc basis and, despite claims to pay heed to the requirements of regulators, requirements with regard to privileged users are often overlooked,” said Simon Godfrey, Director of Security Solutions at CA.

Godfrey warned that it was in the best interests of companies to have measures in place to control and monitor privileged users. “The deployment of PUM tools enables this and allows organisations to mature their use of PUM over time,” said Godfrey. “Privilege User management is key to compliance, to reducing risk exposure, and to protecting critical business applications.”

At the moment, it seems that in Europe 24 percent of organisations (29 percent in the UK) rely on forms of manual control for overseeing and controlling the actions of privileged users. But this is time-consuming, expensive, unreliable, prone to error and, most importantly, is a process that cannot be audited.

The survey also revealed that controlling and monitoring the activities of privileged users is well down on the list of priorities for IT managers at the moment. Survey respondents ranked PUM below seven other actual security threats to the organisation including malware, the Internet, internal users, and web 2.0 tools.

The survey also highlighted differences between individual countries. The French are the naughtiest in this regard, with 60 percent admitting they would most likely share administrator accounts between individual administrators, followed by Belgium (also 60 percent), and the Netherlands (53 percent). The UK scored 38 percent.

Tom Jowitt


View Comments

  • As an ISO27001 accredited IT firm I find that statistic pretty shocking!

    Our approach to information security is the same as our approach to quality & environmental management standards; we integrate the necessary procedures actually into our business software systems. You cannot rely on people to follow procedures to the letter, so instead you design the processes such that the systems work neatly with the human procedural elements.

    For example, our system will not let you put a server live if one of the hard disks is labelled as "dirty" (used for customer data) in our asset management system. That status gets removed by running a script to dd zeros to the entire disk several times, but the procedure is mostly automated, thus preventing human error. Other examples include our complete logging and tracking of all users' activity (regardless of privilege level) and fail-safes to prevent mass downloading of sensitive databases.
