A majority of companies agree on the importance of conducting regular reviews of who has access to their systems, but many of these companies are still doing these reviews manually.
The cybersecurity vendor, Netwrix, has released the results of its recent survey that looked at 590 IT professionals’ treatment of user access permissions. The report showed that 75% of companies agree that conducting regular access reviews strengthens cybersecurity posture.
Of those surveyed, 90% of companies already periodically review access entitlements or have plans to start doing so in the next three years.
However, the survey also revealed that 81% of IT teams are still performing these reviews manually and 41% are doing so on their own, without involving business users.
“Manual review is the most unreliable and time-consuming way of keeping permissions up to date,” says Joe Dibley, security researcher at Netwrix. “An email or instant message from some department head confirming access rights usually satisfies neither internal nor external auditors. Moreover, this approach increases the chance of human error — it’s too easy to forget about someone’s answer or miss the email altogether.”
When respondents who currently utilize a dedicated tool for reviewing user access rights were asked what they consider to be the largest benefit of that solution, 49% stated that it was risk reduction.
Comparatively, 28% of those with these solutions said that the overall time saved was the biggest upside.
“Automating access reviews reduces cybersecurity risks directly, by ensuring a regular update of users’ rights, and indirectly as well. Eliminating manual tasks frees up IT teams to focus on other critical activities, like investigating security incidents before they turn into breaches,” added Dibley.
To download the full survey, click here.