By Maximilian Clarke
Just 39% of workers follow IT security policies in the workplace, placing UK offices at risk of serious security breaches.
The Texas-based Avetco corporation says that this proves the need for privilege identity management technology on company computer systems, as the nature of threats becomes increasingly more complex.
According to Paul Kenyon, Avetco chief operating officer with the Windows privilege management specialist, the results of the survey by Avira —which took in responses from almost a thousand users of the IT security vendor’s software — show that the education message still has some way to go in the workplace.
“Turning this survey on its head means that more than 60 per cent — approaching two thirds of employees — either partially or completely ignore security policies, despite a continuing surge in malware, phishing and all manner of hacker attacks,” said Kenyon.
“Short of going around with a pointy stick and prodding staff when they make a mistake on the governance front — which isn’t very legal or morale-boosting in the modern business environment — IT managers clearly need to use a safety net of some sort,” he added.
And this, the Avecto COO says, is where privilege identity management comes into its own, as it provides a wide range of security safeguards that stop employees from doing something that goes against corporate security policies.
There are, Kenyon explains, a variety of security policy enforcement technologies available, but they can never be 100 per cent effective, especially where human behaviour creates a previously unforeseen set of circumstances that allows malware - or cybercriminals - to creep on to the company IT systems.
And this is before, he says, we even start to look at the issue of multi-vectored and hybridised security threats, the latest incarnation of which has been classed as APTs, short for advanced persistent threats.
As we now know that APTs were responsible for the widely-reported attack on RSA’s systems earlier this year, he adds, it is clear that conventional security cannot defend against all threats.
“If, however, we are able to ring-fence the most powerful accounts within the IT infrastructure of an enterprise, least privilege will ensure that any damage can be minimised - even if the security of the systems is compromised by an employee’s actions, no matter how it was caused,” he said.
“This, in a nutshell, stops any data breaches occurring through the use of privileged accounts. It’s also worth noting that the management of privileged identities can be automated to follow pre-determined or customised policies and requirements for the organisation concerned,” he added.
“Against a backdrop of staff being asked to do more with less — whilst also being under greater workloads — as this survey clearly shows, privileged identity management is a very powerful tool. More powerful than a pointy stick and much more legal.”
Join us on