Infographic: The threat from within
It’s not just hackers who can jeopardize your company’s IT security. Recent studies highlight the need for enterprises to ensure that “privileged users” can’t abuse sensitive data
1. The threat
from within
Privileged access users in the enterprise
Total incidents
of insider misuse
in 2013.2
Who is the
privileged
user?
73%
of organizations fail to
block PAU access to
sensitive data.5
Application
Developer
71%
Access points for
insider misuse9
21% 28%
2%
Local area
network
Physical
access
Remote
access
Other
88%
of which were due
to privilege misuse.3
348 billion a year
in corporate losses
can be directly tied
to privileged user fraud.4
#1
problem delivering
and enforcing PA
controls is ability to
keep up with access
change requests.7
49%
88 %
Say Edward Snowden has either
caused significant or some increase
in the organization’s level of concern
about insider threats.8
Sources:
1 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014
2 Verizon data breach investigation report 2014
3 Verizon data breach investigation report 2014
4 ACFE Report to the Nations on Occupational Fraud & Abuse, Association of Certified
Fraud Exam¬iners Inc., 2012
5 Vormetric 2013 Insider Threat Report
Database
Admin
Systems
Admin
Network
Engineer
IT Security
Practitioner
IT Audit
Practitioner
Data Center
Manager
I QUit!
70%
6 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014
7 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014
8 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014
9Verizon data breach investigation report 2014
10 Common Sense Guide to Mitigating Insider Threats, 4th Edition, CERT
11,698
of companies do
not have policies
for assigning
privileged user
access rights.6
In more than 70% of IP
thefts, insiders stole the
information within 30 days
of announcing their
resignation.10