CyberArk research reveals that despite the ever-present risk of insider threats and credential theft, organizations continue to operate with limited visibility into user activity and sessions associated with web applications.
While the adoption of web applications has provided organizations with greater flexibility and productivity, they frequently fall behind in implementing the security controls required to limit the risk of human error or malicious intent.
Organizations have restricted ability to view user logs and the ability to audit user activity
In the past year, 80% of organizations witnessed employees misusing or abusing access to business applications, according to a global survey of 900 enterprise security leaders. This comes as 48% of firms surveyed indicated they only have limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behavior in user sessions.
Consider financial, healthcare, marketing or developer web applications that store sensitive, high-value data such as financial records, customer or patient information, or intellectual property. Most security and compliance teams have limited resources, visibility, and control over how sensitive data is managed, or what happens during a user session.
According to the research, the average end-user has access to more than ten business applications in 70% of organizations, many of which include high-value data, providing sufficient opportunity for a malicious actor. To that end, IT service management apps like ServiceNow, cloud consoles like Amazon Web Services, Azure, and Google Cloud Platform, and marketing and sales enablement apps like Salesforce were the top three high-value applications that organizations were most concerned with protecting against unauthorized access.
Gil Rapaport, GM, Access Management, CyberArk, said “Ensuring security and usability is key. As more high-value data migrates to the cloud, organizations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption,”
“Today, any user can have a certain level of privileged access, making it ever more important that enterprises add security layers to protect the entire workforce as part of a comprehensive identity security strategy and zero trust framework.”
Prioritize investigations of suspicious user behavior
Investigation into suspicious user activity requires a significant investment of time and resources and it must be balanced against other priorities like improving incident response and enforcing consistent controls across applications to reduce the threat of credential theft.
Highlights of the Research
In comparison to 34% of organizations that investigate monthly, 54% of organizations investigate user activity resulting from security incidents or compliance at least weekly.
Amid disparate built-in application controls, 44% of organizations said they need to enable the same security controls across all applications.
Better visibility into user activity, according to 41% of respondents, would enable them to identify the source of a security incident more quickly.