Data Driven Futures

Majority have suffered employee access breach

Written by Peter Walker
06/06/19

New research has revealed that 64 per cent of businesses globally believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, while 62 per cent believe they’ve had a breach due to compromised vendor access.

This is according to BeyondTrust, which surveyed 1,006 IT decision-makers from industries including manufacturing, finance, professional services, retail, healthcare, telecoms and the public sector, across the US, EMEA and APAC.

In the UK, poor security hygiene by employees continues to be a challenge for most organisations.

Employees sending files to personal email accounts, for example, was cited as a problem for 64 per cent of organisations, while colleagues telling each other passwords was also an issue for 65 per cent of UK organisations in 2019 – a significant increase from 49 per cent in 2018.

The report also highlighted that over a third (35 per cent) of UK businesses cited concern over unintended data loss when employees use unsecured devices. While 72 per cent of UK organisations agree that they would be more secure if they restricted employee device access, BeyondTrust noted this isn’t usually a realistic or viable solution, let alone conducive to productivity.

“Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively, but need this access granted in a way that doesn’t compromise security or impede productivity,” commented Morey Haber, chief technology and chief information security officer at BeyondTrust.

Globally, the businesses surveyed reported an average of 182 vendors logging in to their systems every week. In UK organisations, 46 per cent said they have more than 100 vendors logging in regularly, highlighting the sheer scope of risk exposure, with 83 per cent admitting they trust third-party vendors accessing their networks, a slight increase on last year’s report. Trust in employee privileged access, however, was put at 87 per cent, a decrease from last year’s 91 per cent.

With the General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, last year’s report found that compliance was one of the biggest drivers of cyber security strategies. This year’s survey, however, found that high-profile security breaches were the leading driver.

Almost half (43 per cent) said that security breaches not related to their business are having a significant effect on the way they’re governing employee access, with GDPR compliance taking a back seat as the third most important driver (41 per cent), while 42 per cent cited concern over unintended data loss from unsecured data devices as driving employee network access policies.

Meanwhile, the risks associated with the Internet of Things (IoT) posed a big concern for the professionals surveyed, with 61 per cent of UK businesses stating this. However, a majority (80 per cent) were confident they know how many IoT devices are accessing their systems. At the same time, 41 per cent of security decision-makers perceive at least a moderate risk from Bring Your Own Device (BYOD) policies.