Lack of security controls put organisations at risk
Source: Middle East Insurance Review | Dec 2021
Organisations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft according to a new study by identity security firm CyberArk.
The new study reveals that while the adoption of web applications has brought flexibility and increased productivity, organisations often lag in implementing the security controls necessary to mitigate risk of human error or malicious intent.
A global survey of 900 enterprise security leaders found that 80% of organisations experienced employees misusing or abusing access to business applications in the past year. This comes as 48% of organisations surveyed said they have limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behaviour in user sessions.
Financial, healthcare, marketing or developer web applications contain sensitive, high-value data like financial records, customer or patient information or intellectual property. Most security and compliance teams have limited resources, visibility and control over how confidential data is being handled or what is being done during a user session.
In 70% of the organisations, the average end-user has access to more than 10 business applications, many of which contain high-value data – creating ample opportunity for a malicious actor.
For many security teams, investigation into questionable user activity represents a significant investment of time and drag on thin resources and must be balanced with other priorities such as improving incident response and enforcing consistent controls across applications to reduce threat of credential theft.
The survey included 900 security decision makers and leaders at medium to enterprise-sized organisations in the US, the UK, France, Germany, Australia and Singapore. M