• Bomgar’s annual Privileged Access Threat Report highlights that privileged insider and third-party access to an organisations’ network is one of the biggest concerns to IT professionals globally.
• Less than 35% of security and IT professionals feel very confident that they have ability to identify threats from employees with privileged access.
• 75% have seen the number of vendors with access to their networks increase in the last year, but 33% believe they spend too little time monitoring third-party vendor access.

Bomgar, a leader in identity and access management solutions for privileged users, today launched the 2018 Privileged Access Threat Report. The global survey explores the visibility, control, and management that IT organisations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks. According to the report, formerly called the Secure Access Threat Report, 50% of organisations have suffered a serious data breach or expect to do so in the next six months due to third-party and insider threats.

This year’s report found that external threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organisation’s own network. In fact, 50% of organisations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% of organisations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.

However, a large part of this risk sits with the organisations themselves, as the report found that 73% rely on third-party vendors too heavily, and 72% have cultures that are too trusting of partners. In an age where data breaches have immense financial and reputational implications for businesses, these organisations have far too much faith towards those that operate within their network.

The report also found that problematic employee behaviour continues to be a challenge for a majority of organisations. Writing down passwords, for example, was cited as a problem by 65% of organisations, an increase of 10% over 2017. Colleagues telling each other passwords was also a big problem for 54% of organisations in 2018, rising from 46% in 2017. This rise may indicate that poor password hygiene continues to be a growing issue, or it may be that organisations are more aware of these behaviours due to an increased focus on data protection and privacy.  Either way, the numbers indicate that securing credentials and passwords continues to be an issue for security and IT professionals.

“IT administrators and third-party vendors need privileged access to be able to do their jobs effectively, but the number of privileged users is growing exponentially, and access to systems and data is often being granted in an uncontrolled way,” commented Matt Dircks, CEO of Bomgar. “In the face of growing threats, together with the introduction of the EU GDPR, there has never been a greater need to implement organisation-wide strategies and solutions to manage and control privileged access.”

The report did show that some organisations are managing these risks with a privileged identity and access management (PAM) solution. From the research, these same organisations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, less than half (44%) of organisations using PAM experienced a serious breach or expect to in the next 6 months, compared to 69% of those without control of their privileged users.

“As the vendor ecosystem grows, and employees are granted more trust, organisations need to accept that the way to mitigate risks is by managing privileged accounts through technology and automated processes that not only save time, but also provide visibility across the network,” Dircks added. “By implementing cybersecurity policies and solutions that also speed business performance, versus putting roadblocks in users’ way, organisations can begin to seriously tackle the privileged access problem.”

Research methodology

1021 key decision makers with visibility over the processes associated with enabling internal users and external parties to connect to their systems completed a survey in February 2018. Those surveyed were all IT professionals across operations, IT support/helpdesk, IT security, compliance and risk or network/general IT roles. Respondents were from a range of industries, including manufacturing, finance, professional services, retail, healthcare, telecoms and the public sector. The survey was conducted across the United Kingdom, the United States, Germany and France.

The Privileged Access Threat Report was released this week at RSA Conference in San Francisco where Bomgar is exhibiting in booth 2331. The report is available for download at https://www.bomgar.com/resources/whitepapers/privileged-access-threat-report.