Organisations spend a lot of time and effort protecting their networks from external attacks. However, insider threats are viewed as one of the biggest risks to corporate data, according to IT decision makers surveyed in the Cyber-Ark 2012 Trust, Security & Passwords report.
To mitigate insider threats efficiently and reduce the attack surface of an information system, a network must be set up on a ‘need-to-know’ and ‘need-to-use’ basis.
In real terms, this means that IT departments must ensure that each user in their organisation can only log in according to the pre-authorisation that has been granted. Unfortunately, this is usually not the case.