New research has revealed that organisations still operate with limited visibility of user activity associated with web applications, despite the ever-present risk of insider threats and credential theft.
The research from cybersecurity firm CyberArk found that while the adoption of web applications has brought flexibility and increased productivity, organisations often lag in implementing the security controls necessary to mitigate the risk of human error or malicious intent.
The global survey of 900 enterprise security leaders found that 80% of organisations experienced employees misusing or abusing access to business applications in the past year. This comes as 48% of organisations surveyed say they have limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behaviour in user sessions.
The new research coincides with the general availability of a first-of-its-kind CyberArk Identity Secure Web Sessions, a cloud-based solution that enables organisations to record and protect user web application sessions.
Consider financial, healthcare, marketing or developer web applications that contain sensitive, high-value data like financial records, customer or patient information or intellectual property. Most security and compliance teams have limited resources, visibility and control over how confidential data is being handled or what's being done during a user session.
According to the research, in 70% of organisations, the average end-user has access to more than ten business applications, many of which contain high-value data creating ample opportunity for a malicious actor. To that end, the top-three high-value applications that organisations were most concerned with protecting against unauthorised access were IT service management apps such as ServiceNow, cloud consoles such as Amazon Web Services, Azure and Google Cloud Platform and marketing and sales enablement applications such as Salesforce.
For many security teams, investigation into questionable user activity represents a significant investment of time and drag on thin resources and must be balanced with other priorities such as improving incident response and enforcing consistent controls across applications to reduce the threat of credential theft.
According to the research, over half (54%) of organisations investigate user activity stemming from security incidents or compliance at least weekly, vs 34% of organisations that investigate monthly.
Meanwhile, 44% of organisations say they need to enable the same security controls across all applications amid disparate built-in application controls, while 41% of respondents say better visibility into user activity would allow them to identify the source of a security incident more quickly
"Ensuring security and usability is key. As more high-value data migrates to the cloud, organisations should make certain the proper controls follow suit to manage risk accordingly while enabling their workforce to operate without disruption," says CyberArk general manager, Access Management, Gil Rapaport.
"Today, any user can have a certain level of privileged access, making it even more important that enterprises add security layers to protect the entire workforce as part of a comprehensive Identity Security strategy and Zero Trust framework."
CyberArk Identity Secure Web Sessions helps enterprises gain visibility into user activity within web-based applications protected by CyberArk Workforce Identity and third-party Single Sign-On (SSO) providers.
Secure Web Sessions enables organisations to:
- Record and search every click and data change made within a protected app while maintaining a frictionless user experience.
- Implement continuous monitoring and re-authentication, such as when a user steps away from a device during a session, reducing risk of abuse.
- Protect web sessions from threats originating on the endpoint and restrict data exfiltration actions, such as copying of data and file downloads.