The threat from withinPrivileged access users in the enterprise

Total incidentsof insider misusein 2013.2

of organizations fail to block PAU access to sensitive data.5

73%

71%21% 28%

2%Local areanetwork

Physicalaccess

Remoteaccess

Other

Access points for insider misuse9

348 billion a year in corporate lossescan be directly tied to privileged user fraud.4

of which were dueto privilege misuse.3

Say Edward Snowden has eithercaused significant or some increase in the organization’s level of concernabout insider threats.8

88 %

#1problem deliveringand enforcing PAcontrols is ability to keep up with accesschange requests.7

Who is the privilegeduser?

Sources: 1 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014 2 Verizon data breach investigation report 20143 Verizon data breach investigation report 20144 ACFE Report to the Nations on Occupational Fraud & Abuse, Association of Certified

Fraud Exam¬iners Inc., 2012 5 Vormetric 2013 Insider Threat Report

DatabaseAdmin

SystemsAdmin

NetworkEngineer

IT SecurityPractitioner

IT AuditPractitioner

Data CenterManager

ApplicationDeveloper

6 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014 7 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 20148 Privileged User Abuse & The Insider Threat, Ponemon Institute, June 2014 9Verizon data breach investigation report 201410 Common Sense Guide to Mitigating Insider Threats, 4th Edition, CERT

88%

11,698

of companies donot have policies for assigningprivileged useraccess rights.6

49%

In more than 70% of IP thefts, insiders stole the information within 30 daysof announcing their resignation.10

I QUit!70%