The study, conducted at Infosecurity Europe, found that many organizations allow employees full control over their desktops, without implementing adequate controls to defend against accidental or deliberate misuse of privileges.
"In today's increasingly-complex threat landscape, organizations are quickly learning that employees don't have to be malicious to put a company at risk,” said Mark Austin, co-founder and CEO of Avecto in a statement. “The most common threat comes from employees who download and install unauthorized software, without understanding the potential risks associated with their actions.”
While 41% of those surveyed cite rogue employees as the biggest threat to their organization, more than 30% of respondents admit to having no policy in place for managing administrator access. Avecto noted that this is particularly problematic, considering the rise in security incidents caused by rogue employees with administrator rights, such as damaging data leakage and reputational risk.
Austin added, "The best protection against this unauthorized activity is addressing a major pain point – users with excessive privileges. By granting privileges to applications, instead of users, companies can empower users to perform their role and vastly increase the security posture of the endpoints."
Another 31% of respondents reported malware exploits and targeted cyber-attacks as their top security threats, with an additional 8% deeming unauthorized software as an organizational danger. These concerns are exacerbated by statistics showing users with administrator rights are more likely to cause a network infection as a result of unauthorized applications being downloaded and introduced onto corporate systems. In addition to malware threats, this can also lead to software licensing and compliance issues, the firm noted. With the trend of increasingly sophisticated malware and advanced persistent threats that target privileged accounts, organizations that fail to remove administrator rights are particularly vulnerable to attack.
Austin continued, "Users logging on with full administrator rights will continue to put organizations at real risk of infection, as the sophistication of malware and targeted attacks continues to evolve. Unfortunately, organizations are still allowing administrator rights to go unmanaged, whether knowingly or unwittingly. This is a significant problem, particularly as the current crop of anti-malware software is repeatedly proving to be deficient in the fight against cybercrime."