An increasing number of IT departments are putting their organisations at risk of internal and external cyber attacks as they fail to monitor their employees’ behaviour, according to the latest research.
The study of 500 IT and security professionals from SMEs and organisations with more than 75,000 employees found 55% have either zero or low visibility of their employee behaviour, in particular which applications and software they can access and download.
When asked how many of their employees have administrator privileges, about 31% of staff, on average, had this.
The study by privilege management firm Avecto and the Ponemon Institute also revealed that a quarter of respondents cannot determine the number of IT users with administrator privileges, despite 34% of their time being spent on managing their profiles.
Paul Kenyon, co-founder and EVP of Avecto, said: "The lack of visibility that IT security professionals have in terms of user behaviour and admin rights, combined with more sophisticated attack vectors, is making securing and managing the endpoint a growing challenge.
"As a result, this is opening up a huge variety of internal and external vulnerabilities."
He added: "As businesses move to Windows 7/8 in the wake of XP support expiration, they are finding new challenges in the way they have previously managed endpoint security.
"It is now more important than ever that organisations invest in the security measures they need to protect themselves."
The research also revealed that 52% of organisations do not have the correct technology in place to prevent targeted cyber-attacks, while another 80% admitted they find it difficult to secure the endpoint.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said: "While preventing targeted attacks is considered a high priority, only 5% of respondents said their organisation is fully prepared to deal with them.
"Organisations must deploy a layered approach to endpoint security or they will risk opening their systems up to vulnerability from multiple threat sources. The new age of cyber-attacks requires modern defences and companies must act quickly."