Conducted by Courion in November 2014. Audience of 35,400 IT security executives at companies worldwide with 500+ employees.

Courion Survey Findings: Access Risk Attitudes

Call it the great Data Breach Disconnect. A recent survey of IT security executives revealed the gap between knowing about access risk and an organization’s ability to remediate that risk. For example, 97% of respondents are aware that access risk is created by misused or stolen credentials, but only 29% are confident that their organization is able to detect improper access.

Page 2: Courion Survey Findings: Access Risk Attitudes

After a year of unrelenting data breaches, IT security executives are keenly aware of the possibility of a breach within their organizations . . .

Page 3: Courion Survey Findings: Access Risk Attitudes

84% agree: it is not whether you will be breached, but rather, what you can do to reduce the damage of a breach

Agree: 84%

Disagree: 16%

Page 4: Courion Survey Findings: Access Risk Attitudes

43% know someone whose organization has suffered a data breach in the last 6 months

Yes: 43%

No: 57%

Page 5: Courion Survey Findings: Access Risk Attitudes
Page 6: Courion Survey Findings: Access Risk Attitudes

97% agree: misused or stolen access credentials provide easy access for hackers

Agree: 97%

Disagree: 3%

Page 7: Courion Survey Findings: Access Risk Attitudes

The majority are confident that they have access under control . . .

Page 8: Courion Survey Findings: Access Risk Attitudes

76% believe their organization knows who has administrative privileges

Agree: 76%

Disagree: 24%

Page 9: Courion Survey Findings: Access Risk Attitudes

And 72% said their organization enforces a “least privilege” policy

Agree: 72%

Disagree: 28%

Page 10: Courion Survey Findings: Access Risk Attitudes

But below the surface there may be a disconnect . . .

Page 11: Courion Survey Findings: Access Risk Attitudes

43% admit their organization does not know when access privileges are increased, or when access behavior changes

Aware: 57%

Not Aware: 43%

Page 12: Courion Survey Findings: Access Risk Attitudes

And only 29% feel confident their organization is able to detect when access credentials are misused or stolen

I do not know: 29%

Agree: 29%

Disagree: 42%

Page 13: Courion Survey Findings: Access Risk Attitudes

Will these organizations be able to deter or detect a breach?

Page 14: Courion Survey Findings: Access Risk Attitudes

41% know abandoned accounts exist in their organization, and another 12% just don’t know . . .

Disagree: 47%

Agree: 41%

I do not know: 12%

Page 15: Courion Survey Findings: Access Risk Attitudes

And only 47% feel confident there are no orphaned accounts in their organization

Agree: 47%

Disagree: 41%

I do not know: 12%

Page 16: Courion Survey Findings: Access Risk Attitudes

In fact, privileged accounts & unnecessary entitlements are the access risks that cause the most anxiety

ORPHANED ACCOUNTS - accounts with no administrative oversight: 10.4%

ABANDONED ACCOUNTS - accounts inactive for a time period exceeding policy: 11.9%

UNNECESSARY ENTITLEMENTS - unneeded or excess access privileges, often in conflict with SoD practices: 31.1%

PRIVILEGED ACCOUNTS - accounts with increased levels of permission that provide elevated access to critical networks, systems, applications or transactions: 46.7%

Page 17: Courion Survey Findings: Access Risk Attitudes

So how can IT security get ahead of access risks?

Page 18: Courion Survey Findings: Access Risk Attitudes

By using an identity and access intelligence solution that continuously monitors access risks . . .

Page 19: Courion Survey Findings: Access Risk Attitudes

So you can quickly view accounts by privileged entitlements

Page 20: Courion Survey Findings: Access Risk Attitudes

And identify and eliminate abandoned accounts

Page 21: Courion Survey Findings: Access Risk Attitudes

And find orphan accounts that need administrative oversight

Page 22: Courion Survey Findings: Access Risk Attitudes

And maintain a least privilege policy

Page 23: Courion Survey Findings: Access Risk Attitudes

The Department of Homeland Security recommends improved access hygiene & continuous access monitoring

Conduct a regular review of employee access and terminate any account that individuals do not need to perform their daily job responsibilities.

Terminate all accounts associated with an employee or contractor immediately upon dismissal.

Change administrative passwords to servers and networks following the release of IT personnel.

Avoid using shared usernames and passwords for remote desktop protocol.

Do not use the same login and password for multiple platforms, servers, or networks.

Ensure third party service companies providing e-mail or customer support know that an employee has been terminated.

Restrict Internet access on corporate computers to cloud storage Web sites.

Do not allow employees to download unauthorized remote login applications on corporate computers.

Maintain daily backups of all computer networks and servers.

Require employees change passwords to corporate accounts regularly (in many instances, default passwords are provided by IT staff and are never changed).

http://www.ic3.gov/media/2014/140923.aspx

Page 24: Courion Survey Findings: Access Risk Attitudes

To learn more about how you can add intelligence to your identity & access management, contact 866.COURION.