Enterprises don't understand IT risk
Posted on 12 April 2011.
A global survey of more than 1,240 IT decision makers at large enterprises – 72% of which have more than 1,000 employees – found that one third (33%) of respondents do not believe their organizations have an accurate assessment of the level of IT risk they face from internal and external threats, according to Courion.


This lack of confidence in risk assessment is warranted for two reasons. First, nearly one in four companies (23%) indicated that they do not have a formal IT risk management program in place. Second, a large percentage of businesses do not routinely review user access rights to data.

More than 90% of respondents said that identification of user access is a core component of their IT risk management strategy, yet 60% said they only review individual user access or entitlements once a year or less frequently, with 45% saying they do not certify user access to high-risk applications on a regular basis.

All of this creates serious data breach risks from excessive user rights, access creep (an accumulation of access credentials as an employee transitions through different positions within a company), and inappropriate access by privileged users within the organization.

Not surprisingly, organisations discover some alarming facts when they conduct user access reviews:
  • Nearly half (48%) of companies have discovered excessive user rights within their systems.
  • 39% of respondents say they have identified instances of inappropriate access by privileged users within their organizations.
  • 56% say they found cases where access was still active for a user’s prior role.
“The results of this survey indicate that there is still widespread misunderstanding of the impact user access reviews have on enterprise IT risk,” said Kurt Johnson, vice president of strategy and corporate development for Courion. “No company wants to suffer the brand damage and liability caused by data breaches. The first step in preventing this is to establish a risk management strategy, and make user access reviews a key part of that process. Too often, an organisation’s most highly sensitive data is easily accessible by numerous individuals who do not require access in the first place.”





Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //