IT departments need to keep an eye on their privileged users, as such accounts are the weak link in security, according to a new study.
The CA-commissioned survey of 270 firms found 41 per cent of firms claiming to be ISO27001 compliant actually break the rules, such as allowing privileged users to share their accounts.
In the UK, 47 per cent of firms are ISO compliant, but 30 per cent had never heard of standard regarding privileges and 56 per cent weren't sure if admin accounts were being shared.
The study also found that a quarter of firms across Europe use time-consuming, error prone manual controls to manage their privileged users.
Indeed, the report showed IT managers aren't very concerned with the issue, ranking malware, the internet, internal users and web 2.0 tools as more threatening security risks.
CA director of security solutions Simon Godfrey said the study's results showed IT admins were overlooking such accounts as a security risk.
"While such access is necessary, it is most commonly managed on an ad hoc basis and, despite claims to pay heed to the requirements of regulators, requirements with regard to privileged users are often overlooked," he said in a statement.
"It is in the best interests of individual IT managers, the IT department, and the overall business to have measures in place to control and monitor privileged users."
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Data sovereignty a growing priority for UK enterprisesNews Many firms view data sovereignty as simply a compliance issue
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
How ready is your company for NIS2?Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Conquering technology risk in bankingWhitepaper Five ways leaders can transform technology risk into advantage
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
-
When banking works, the world worksWhitepaper Five ways automated processes can drive revenue and growth across your bank
-
Automating digital resiliency in bankingWhitepaper Prioritize investment in solutions that mitigate a lack of digital resiliency when disruptions strike
