People with access to privileged data—such as health care records, sensitive company information, intellectual property or personal records—frequently put their organization’s sensitive information at risk, according to a new report by Raytheon Company. The survey report, “Privileged User Abuse & The Insider Threat,” finds that many individuals often are granted access to data and areas of the network not necessary for their roles and responsibilities. Furthermore, 65 percent of survey respondents indicated that curiosity—not job necessity—drives them to access sensitive or confidential data.
Key findings include:
While 59 percent believe general business information is at risk, 49 percent say customer information is most at risk due to a lack of access controls over privileged users. Fifty-seven percent believe background checks are lacking in most organizations before issuance of privileged credentials. Furthermore, while 88 percent of those surveyed recognize enhanced security as a top priority, only 40 percent have a dedicated budget to address the insider threat. Most use existing cybersecurity tools not necessarily designed to combat the insider threat.
Conducted by Ponemon Institute, the comprehensive survey identified 693 respondents as privileged users such as network engineers, database administrators, information-security practitioners and cloud custodians.