What keeps you awake at night?
If you’re one of the 500 IT professionals recently surveyed by cybersecurity firm BeyondTrust on behalf of Forrester Research, chances are pretty good it’s the misuse of personally identifiable information or the loss of intellectual property.
Those two responses were offered by 86 and 80 percent of respondents, respectively, but according to BeyondTrust, what the survey really revealed was five “deadly sins,” as the firm dubbed them, and how they prevent organizations from effectively protecting sensitive information.
The first deadly sin, says BeyondTrust, is apathy, a conclusion it drew from the answers respondents gave when asked to list the top threats associated with passwords: employees sharing passwords with colleagues (79 percent), employees not changing the default passwords their devices ship with (76 percent), and employees using weak passwords like “12345” (75 percent).
The second of the deadly sins is greed. Users often insist they need full administrative privileges over their devices, and that can create problems for IT. 79 percent of respondents cited allowing users to run as administrators on their machines as their biggest threat, followed by not having control over applications on users’ machines (68 percent).
And then there was pride. “Pride cometh before the fall,” BeyondTrust observed, noting that “one in five respondents say attacks combining privileged access with exploitation of an unpatched vulnerability are common. Simply patching known system vulnerabilities can prevent most of today's commonly-reported attack vectors. Yet, too often, IT does not stay current on their patches.”
The other two sins the report cited were ignorance and envy. As for what organizations can do to address these “deadly sins,” BeyondTrust pointed to steps such as deploying enterprise password management globally across all data centers, virtual and cloud; prioritizing and patching vulnerabilities; and unifying privileged access management into a single console for management, policy, reporting and analytics.