Too many staff have privileged work accounts for no good reason

Leo Daniels • September 28, 2020

This is a subtitle for your new post

Around 40 per cent of staff in British and American corporations have access to sensitive data that they don’t need to complete their jobs, according to recent research.

In a survey commissioned by IT security firm Forcepoint of just under 900 IT professionals, 40 per cent of commercial sector respondents and 36 per cent working in the public sector said they had privileged access to sensitive data through work.

Worryingly, of that number, about a third again (38 per cent public sector and 36 per cent private) said they had access privileges despite not needing them. Overall, out of more than 1,000 respondents, just 14 per cent from the private sector thought their org was fully aware of who had the keys to their employers’ digital kingdoms.

Carried out by the US Ponemon Institute, a research agency, the survey also found that about 23 per cent of IT pros across the board reckoned that privileged access to data and systems was handed out willy-nilly, or, as Forcepoint put it in a statement, “for no apparent reason”.

Access management is a critical topic for IT security bods, especially as COVID-19-induced remote working introduces challenges for the monitoring of data access and intra-org flows.

In a finding bound to shore up frontline workers’ opinions of each other, fully half of the respondents (49 per cent public sector, 51 per cent private) expressed the view that users with elevated access privileges would browse through data “because of their curiosity”, while just over 40 per cent thought their co-workers could be “pressured” to share login credentials.

More than half thought incident-based security tools yielded false positives as well as too much data “than can be reviewed in a timely fashion”, revealing that workers think gotta-log-em-all security tools may be more of an obstacle to finding and plugging system breaches – or malicious people exfiltrating valuable data.

“To effectively understand the risk posed by insiders, it takes more than simply looking at logs and configuration changes,” said Nico Popp, chief product officer at Forcepoint, in a canned statement.

“Incident-based security tools yield too many false positives; instead IT leaders need to be able to correlate activity from multiple sources such as trouble tickets and badge records, review keystroke archives and video, and leverage user and entity behaviour analytics tools. Unfortunately, these are all areas where many organizations fall short.”

 

We’re 1-fix, we can help you secure your business

At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

Join Our Mailing List

All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.

IT Support Services
Cybersecurity Deep-Dive
IT Cloud Migration Service

Recent Blogs

Photograph depicting a busy office environment with employees working on computers
By Craig Atkins May 7, 2025
We explore the recent cyber attacks on Marks & Spencer and the Co-Op and learn how SMEs can protect themselves against rising cybersecurity risks.
Cyber Essentials Logo on a dark background
By Craig Atkins April 17, 2025
Cyber Essentials 101: what every business needs to know. Thursday 8th May, 2pm
The words 'Comms Business Awards' in large letters with blue and black background
By Jess Dugdale April 16, 2025
We’re absolutely delighted to share that our Client Manager, Lee , has been shortlisted for the Hidden Hero Award at the Comms Business Awards – and we couldn’t be prouder!
Photo of the 1-Fix team stood in a line smiling at the camera
By Jess Dugdale April 8, 2025
We've moved! 1-Fix is now based in Bracknell, Berkshire - Your trusted IT support partner in the Thames Valley
Image of a gravestone with the writing 'Windows 10 2015-2025'
By Craig Atkins April 1, 2025
As we approach October 2025, the end of life for Windows 10 is just around the corner. For many businesses, this coincides with the start of a new budget cycle in April, making it the perfect time to consider upgrading to Windows 11. In this blog post, we'll explore the benefits of making the switch early and how it can positively impact your business.
By Craig Atkins February 25, 2025
Multi-Factor Authentication (also known as 2-Factor authentication, 2FA and MFA) has become a widely adopted seucirty measure to protect business' data. However, it's becoming more apparent just how easy it may be for hackers to get around it.
Show More