This document summarizes the results of a survey of 35,400 IT security executives on data breaches and access management. Key findings include: 84% agree that a breach is not a question of if but when; 97% agree that stolen credentials enable easy hacker access; but only 29% feel confident in detecting misused credentials. The document suggests that organizations should continuously monitor privileged accounts, unnecessary entitlements, abandoned accounts, and orphaned accounts to improve security and reduce breach risks.

1. Conducted by Courion in November 2014
Audience of 35,400 IT security executives
at companies worldwide with 500+ employees

2. After a year of unrelenting data breaches, IT security executives are
keenly aware of the possibility of a breach within their organizations . .
.

3. 84% agree: it is not whether you will be breached, but rather,
what you can do to reduce the damage of a breach
Agree
84%
Disagree
16%

4. 43% know someone whose organization has suffered a
data breach in the last 6 months
Yes
43%
No
57%

6. 97% agree: misused or stolen access credentials
provide easy access for hackers
Agree
97%
Disagree
3%

7. The majority are confident that they have access under control .
. .

8. 76% believe their organization knows who has
administrative privileges
Agree
76%
Disagree
24%

9. And 72% said their organization enforces a “least privilege”
policy
Agree
72%
Disagree
28%

10. But below the surface there may be a disconnect . . .

11. 43% admit their organization does not know when
access privileges are increased, or when access behavior
changes
Aware
57%
Not Aware
43%

12. And only 29% feel confident their organization is able to detect
when access credentials are misused or stolen
I do not know
29%
Agree
29%
Disagree
42%

13. Will these organizations be able to deter or detect a breach?

14. 41% know abandoned accounts exist in their organization,
and another 12% just don’t know . . .
Disagree
47%
Agree
41%
I do not know
12%

15. And only 47% feel confident there are no
orphaned accounts in their organization
Agree
47%
Disagree
41%
I do not know
12%

16. In fact, privileged accounts & unnecessary entitlements
are the access risks that cause the most anxiety
11.9%
10.4%
31.1%
46.7%
PRIVILEGED ACCOUNTS - accounts with increased
levels of permission that provide elevated access to
critical networks, systems, applications or transactions
UNNECESSARY ENTITLEMENTS - unneeded or excess
access privileges, often in conflict with SoD practices
ABANDONED ACCOUNTS - accounts inactive for a time
period exceeding policy
ORPHANED ACCOUNTS - accounts with no
adminstrative oversight
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% 50.0%

17. So how can IT security get ahead of access risks?

18. By using an identity and access intelligence solution that
continuously monitors access risks . . .

19. So you can quickly view accounts by privileged entitlements

20. And identify and eliminate abandoned accounts

21. And find orphan accounts that need administrative oversight

22. And maintain a least privilege policy

23. The Department of Homeland Security recommends
improved access hygiene & continuous access monitoring
 Conduct a regular review of employee access and terminate any account
that individuals do not need to perform their daily job responsibilities.
 Terminate all accounts associated with an employee or contractor immediately
upon dismissal.
 Change administrative passwords to servers and networks following
the release of IT personnel.
 Avoid using shared usernames and passwords for remote desktop protocol.
 Do not use the same login and password for multiple platforms, servers, or networks.
 Ensure third party service companies providing e-mail or customer support
know that an employee has been terminated.
 Restrict Internet access on corporate computers to cloud storage Web sites.
 Do not allow employees to download unauthorized remote login applications
on corporate computers.
 Maintain daily backups of all computer networks and servers.
 Require employees change passwords to corporate accounts regularly
(in many instances, default passwords are provided by IT staff and are never changed).
http://www.ic3.gov/media/2014/140923.aspx

24. To learn more about how you can add intelligence to
your identity & access management, contact
866.COURION.