80% of organizations report employee abuse of access to business applications

New research released by CyberArk reveals that organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft. While the adoption of web applications has brought flexibility and increased productivity, organizations often lag in implementing the security controls necessary to mitigate risk of human error or malicious intent.

The survey of 900 enterprise security leaders found that 80% of organizations experienced employees misusing or abusing access to business applications in the past year. This comes as 48% of organizations surveyed said they have limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behavior in user sessions.

Consider financial, healthcare, marketing or developer web applications that contain sensitive, high-value data like financial records, customer or patient information or intellectual property. Most security and compliance teams have limited resources, visibility and control over how confidential data is being handled, or what is being done during a user session.

According to the research, in 70% of organizations, the average end-user has access to more than 10 business applications, many of which contain high-value data, creating ample opportunity for a malicious actor. To that end, the top-three high-value applications that organizations were most concerned with protecting against unauthorized access were IT service management apps.

For many security teams, investigation into questionable user activity represents a significant investment of time and drag on thin resources, and must be balanced with other priorities such as improving incident response and enforcing consistent controls across applications to reduce threat of credential theft.

According to the research:

More than half (54%) of organizations investigate user activity stemming from security incidents or compliance at least weekly vs. 34% of organizations that investigate monthly
44% of organizations said they need to enable the same security controls across all applications amid disparate built-in application controls
41% of respondents said that better visibility into user activity would enable them to identify the source of a security incident more quickly

“Ensuring security and usability is key. As more high-value data migrates to the cloud, organizations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption,” said Gil Rapaport, general manager, Access Management, CyberArk. “Today, any user can have a certain level of privileged access, making it ever more important that enterprises add security layers to protect the entire workforce as part of a comprehensive Identity Security strategy and Zero Trust framework.”

80% of organizations report employee abuse of access to business applications

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

80% of organizations report employee abuse of access to business applications

Related Articles

80% of organizations increased focus on identity security following pandemic shift to remote work

As Organizations Become Aware of Security Vulnerabilities in Cloud-Based Collaboration Applications, It’s Time to Act

80% of global businesses expect a breach of customer records in the next year

Nearly 80 Percent of German Organizations Aren’t Prepared for a Cyber Security Incident

Related Products

The Database Hacker's Handbook: Defending Database Servers

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.