A recent RSA-sponsored IDC survey on insider risk management resulted in some pretty interesting findings, suggesting at the highest level that IT organisations may be focused on the wrong things when it comes to insider risk. According to the survey, CXOs tend to give higher priority to protecting their organisations against malicious insider attacks than against the more frequently occurring and potentially more damaging accidental insider breaches, of which inappropriate user access is a key element.
For example, the RSA security blog further revealed that while 65% of CXOs reported their top concern as unauthorised or deliberate access to systems and data, they cited 5,794 unintentional incidents created by excessive access rights – one of the highest categories of risk incidents over the last 12 months. CXOs also revealed that the greatest financial impact to their organisation was caused by risks related to out-of-date or excessive access rights (17%) – again tied to unintentional user behaviour.
Ultimately though, whether unauthorised access threats are internal or external, malicious or accidental, they all pose a major risk to sensitive data, and more broadly, an organisation’s brand integrity and financial and regulatory compliance posture. Inappropriate user access remains one of the top IT challenges for corporations, as this and numerous other industry surveys and analyst data continue to prove. A comprehensive Access Assurance strategy needs to be a core part of every organisation’s risk strategy to ensure that only the right people have the right access to the right resources and are doing the right things.