“The role of the senior IT security executive is constantly changing,” said Christopher Zannetos, president and CEO of Courion. “Not only are they thought of as the front line defence for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.”
Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included “insider misuse” as one of the nine basic patterns by which all breaches can be described. Within this pattern, “privilege abuse” was the top threat action observed in 88 percent of security incidents.
This is meaningful, since “Account Monitoring and Control”, “Controlled Access Based on the Need to Know” and “Controlled Use of Administrative Privileges” are three of the Top 20 Critical Security Controls recommended by the SANS Institute.