Survey reveals access controls audit failures

Thycotic has released the results from its 2018 Global State of PAM Risk and Compliance report, which highlights where many organizations are failing to fully put security controls in place to protect their most critical information assets.

  • Wednesday, 14th March 2018 Posted 6 years ago in by Phil Alsop
The groundbreaking global study, which surveyed more than 500 organizations worldwide, reveals major risk and compliance gaps in how organizations manage and secure their privileged accounts and access to sensitive systems, infrastructure and data. 

 

Among organizations surveyed, more than half of the respondents indicated that privileged account management is a required or regulated compliance issue within their organization or industry. While PAM security adoption is being driven by regulatory requirements, it also appears that many organizations are adopting privileged account security measures to reduce the risk of the growing cyber threats and to protect against both external and internal attacks. Thus, establishing privileged account access controls is a growing priority driven by auditors, controllers, and greater awareness of threats targeting privileged accounts. In fact, cybercriminals are targeting employees at a higher rate than ever before.  Organizations that adopt PAM find that in the long term it is an investment to help automate many tasks, reducing costs and cyber fatigue.  

 

“While most organizations acknowledge the important role privileged credential access plays in their cybersecurity posture, our report finds that most are actually failing to protect and secure their privileged accounts,” said Joseph Carson, Chief Security Scientist at Thycotic. “Protecting access to privileged credentials, the preferred target of cybercriminals and malicious insiders, is rapidly evolving as a must-have compliance requirement.”

 

According to the report, while more than 60 percent of organizations state that they are required to satisfy regulatory compliance requirements around privilege credential access, a staggering 70 percent would fail an access controls audit.

 

The report analyzed areas such as PAM policies, processes and controls. Additional findings from the report, included:

  • 73 percent of organizations fail to require multi-factor authentication with privileged accounts
  • 64 percent of organizations fail to fully audit privileged accounts
  • More than half of organizations fail to use a secure logon process for privileged accounts
  • 70 percent of organizations fail to fully discover privileged accounts---and 40 percent do nothing at all to discover these accounts