Excessive User Privileges Challenges Enterprise Security: Survey

It is no secret that enterprises sometimes have trouble keeping a handle on privileged users. In the wrong hands, excessive privileges can lead to data breaches and sleepless nights for IT.

According to a survey from security firm BeyondTrust, which focuses on privilege management issues, more than 47 percent of the 728 survey participants said users in their organizations have elevated privileges not necessary for their roles. Twenty percent reported that more than three-quarters of their user base run as administrators. In addition, 33 percent said their organizations had no policies for privileged password management.

“The majority of users do not typically require the ability to install their own software or make changes to system properties,” according to the report. “Providing them with this ability can lead to, at a minimum, inadvertent errors and increased demand on internal IT help desks. Worse, it provides opportunities for malicious employees, or attackers who have compromised employee credentials, to steal sensitive information or disrupt network operations.”

The survey – dubbed ‘Privilege Gone Wild 2’ – backs the findings of a report from the Independent Oracle Users Group in which 54 percent of respondents reported that abuse of privileges by IT staff was among the top threats to enterprise data. A separate study by research company Ovum found that 59 percent of the U.S. businesses surveyed felt privileged users posed a threat to their organization.

Brad Hibbert, CTO of BeyondTrust, listed three reasons employees end up with excessive privileges. First, it makes life easier.

“Granting users full admin rights on desktops / servers ensures that they can perform their job tasks without the pushback,” he told SecurityWeek. “Of course this is somewhat short-sighted as this approach raises security concerns and can also impact longer term operational costs as the help desk is engaged to troubleshoot and address issues including misconfigurations, malware and unlicensed software.”

The other two reasons are a lack of oversight as employees move from job function to job function and a lack of “native delegation capabilities” of the operating systems being used, he said.

Seventy-nine percent of respondents in the BeyondTrust study indicated they felt employees are somewhat likely to very likely to access sensitive or confidential data out of curiosity.

“A regular review by managers and supervisors of their employees’ access rights will help reduce permission bloat and users having access to unnecessary systems,” said Hibbert. “Access reviews can be performed as needed or scheduled to occur periodically – for example, every calendar quarter, enabling you to conduct periodic access reviews to maintain the correct level of user privileges. The review schedule will depend on the sensitivity of the access and effort in performing the review. It could range from weekly to quarterly to yearly.”

“One approach that enables more frequent reviews is performing delta attestation analysis between full-attestation reviews,” he continued. “That is, ‘show me how access has changed since the last review.’ This result enables more frequent reviews on a smaller subset of entitlements.”
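
The delta attestation described above can be sketched as a comparison of two entitlement snapshots. This is an added example, not code from BeyondTrust or the original article; the users, roles, entitlement names and the `PRIVILEGED` set are constructed for illustration. It also re-queues access a user kept after changing job function, since that access was attested for the old role.

```python
# Added example: delta attestation over two entitlement snapshots.
# All users, roles and entitlement names below are constructed sample data.
PRIVILEGED = {"local-admin", "domain-admin"}  # assumed set of privileged entitlements

LAST_REVIEW = {
    "alice": {"role": "hr", "entitlements": {"hr-db:read", "crm:read"}},
    "bob": {"role": "sales", "entitlements": {"crm:read", "local-admin"}},
    "carol": {"role": "it", "entitlements": {"domain-admin"}},
}
CURRENT = {
    "alice": {"role": "finance",
              "entitlements": {"hr-db:read", "crm:read", "finance-db:read"}},
    "bob": {"role": "sales", "entitlements": {"crm:read"}},
    "carol": {"role": "it", "entitlements": {"domain-admin"}},
    "dave": {"role": "sales", "entitlements": {"crm:read", "local-admin"}},
}
EMPTY = {"role": None, "entitlements": set()}  # stands in for a user absent from a snapshot


def delta_attestation(previous, current, privileged=PRIVILEGED):
    """Return only the access items a reviewer must re-attest since the last review."""
    items = []
    for user in sorted(set(previous) | set(current)):
        old, new = previous.get(user, EMPTY), current.get(user, EMPTY)
        changes = [(e, "granted") for e in new["entitlements"] - old["entitlements"]]
        changes += [(e, "revoked") for e in old["entitlements"] - new["entitlements"]]
        # A job-function move makes unchanged access reviewable again:
        # it was attested for the old role, not the new one.
        if old["role"] and new["role"] and old["role"] != new["role"]:
            changes += [(e, "retained-after-role-change")
                        for e in old["entitlements"] & new["entitlements"]]
        for ent, change in changes:
            items.append({"user": user, "entitlement": ent, "change": change,
                          "privileged": ent in privileged})
    # Newly granted privileged access goes to the top of the reviewer's queue.
    items.sort(key=lambda i: (not (i["privileged"] and i["change"] == "granted"),
                              i["user"], i["entitlement"]))
    return items


def review_queue(previous=LAST_REVIEW, current=CURRENT):
    """Compact (user, entitlement, change) tuples for the sample snapshots."""
    return [(i["user"], i["entitlement"], i["change"])
            for i in delta_attestation(previous, current)]


if __name__ == "__main__":
    for row in review_queue():
        print(*row, sep="\t")
```

Unchanged access for a user whose role did not change (carol's `domain-admin` here) never appears in the delta, which is why the full-attestation reviews are still needed.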

