How mysterious, over-powerful workers are causing IT security headaches

Too many staff with admin rights are making life hard for IT security teams.
Written by Steve Ranger, Global News Director

When it comes to IT security, it's often said the biggest threat is not evil hackers or government spies - but the bad habits of office workers themselves. And it looks like the threat could be getting worse: IT security staff are struggling to keep up because end users have become too powerful and mysterious, according to research.

The findings show the proportion of end users with administrator rights over their devices is increasing, which could potentially undermine IT security. If a user has administrator rights over their PC they can make far more wide-reaching changes to their devices than they would otherwise be able to do with a standard user account.

Hackers and malware will often seek out accounts with admin rights in order to do more damage than they would otherwise be able to do, which is why admin rights are usually limited.

But an average of 31 percent of users have administrator access privileges in the organisations surveyed. According to 42 percent of respondents, this is primarily due to the increase in the use of mobile devices and cloud services. Four out of ten blamed employees demanding more power over their devices.

IT staff also complain that they don't know what users are up to either: 55 percent of respondents admitted they had somewhere between zero and very low visibility of user behaviour such as their software downloads or access to applications and databases. "This signals a major vulnerability that can make defending the endpoint difficult," the report noted.

The study found that protecting PCs and other devices also eats up a lot of time: an average of 48 percent of the organisation’s total time spent on security issues goes on matters such as patching, user privileges, application control, firewalls and anti-virus. The Ponemon Institute research, which surveyed 559 tech professionals, was commissioned by privilege management company Avecto.
