14 DAY TRIAL // Lieberman Software Corporation has conducted a study at the latest RSA Conference in San Francisco to find out if corporate employees listen to security directives issued by IT departments and executive management.
According to 80% of the 250 IT security professionals who took part in the study, employees deliberately ignore the security rules made by IT departments.
Furthermore, over half of the 80% believe the rules would be ignored even if they came from executive management.
“These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data -- and potentially customer information -- at risk,” noted Philip Lieberman, CEO of Lieberman Software.
“And these behaviors are continuing even after it has been proven that human error is the leading cause of data breaches. Organizations need to implement better cyber security training that properly instructs staff about the consequences of data breaches.”
The study also shows that 32% of security experts work in organizations that don’t have a policy which dictates changing default passwords when new hardware or software is deployed.
In addition, over 75% of the respondents believe the staff members from their organization have access to information they don’t necessarily need. Moreover, 38% of them have witnessed a co-worker accessing information they should not have access to.
Over half of the security professionals who witnessed such events haven’t reported their colleagues.
“IT groups must also look beyond conventional security products and invest in technology like privileged identity management(PIM). PIM products ensure that powerful privileged accounts found throughout the enterprise in large organizations are available only to authorized IT personnel with limited-time, audited access,” Lieberman added.
“This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data, or perform other actions that are not required of their jobs.”
The complete “Privileged Identity Management: An Executive Overview” report is available here (registration required).