What privileged access threats do Russian companies worry about the most?

The results of the study “Privileged Access Threats in Russian Organizations” were published by Rostelecom-Solar. According to the study, more than 60% of Russian companies face monthly or more frequent threats from privileged users. The most common threat is downloading of prohibited content, which is faced by 13% of large and small companies and 11% of government agencies on a monthly or more frequent basis. In addition, 19% of large companies, 18% of small companies, and 21% of governments suffer security policy circumvention by privileged users for private purposes on a monthly or more frequent basis.

More than 50% of the surveyed respondents fear the growth in the number of impersonal and unmanaged accounts in the organization and the lack of visibility of all privileged users. Most large companies believe that these factors make it difficult for organizations to protect themselves from privileged access threats.

Most Privileged Access problems are related to remote workers, not office workers. The remote format makes it harder to determine if a remote privileged user’s credentials have been compromised 80% of the time. In this category, 80% of users work on their personal devices, and 80% of them have problems with authentication on the corporate network (with passwords, two-factor, etc.).

More than half of Russian companies see the implementation of full control over the actions of external suppliers, contractors and contractors in the company’s information systems as the main task in the field of reducing privileged access threats. However, information security experts note that almost half of all data leaks from domestic organizations occur through contractors.

Only 0% of companies use specialized systems to solve privileged access problems, while 30% use other non-targeted systems, 41% of companies manage privileged user access manually, which seriously increases human factor threats. Another 19% of organizations do not manage privileged user access at all, taking additional risks.

To conduct the study, more than 100 Russian companies from the B2G, B2E, B2B and SMB segments located in Moscow, St. Petersburg and cities with a population of more than 1 million people were interviewed. More than 60% of organizations belong to the commercial sector, 20% – to companies with state participation, and the rest – to state institutions. The survey involved information security specialists, directors of information security / IT, department heads, operational directors and business owners.