According to a survey conducted by HKPC, some local companies and organizations failed to make sufficient provisions for the management of "privileged access" to critical IT systems and networks, leaving themselves exposed to hacking and insider attacks. Commissioned by enterprise cyber security solutions provider SSH Communications Security, the survey covered the local use of privileged access, as well as the related cyber security issues and management measures.

Reasons for using privileged access

The survey found that 81% of respondents had applied audit and management on privileged access with enhancing security protection (78%) and compliance requirement (63%) as the two key reasons behind it. Despite the efforts, 18% still encountered privileged access related security issues such as external attacks or abuses of usage by internal staff.

Enterprises should enhance privileged access management, especially those providing shared accounts for staff and those who give privileged access to IT outsourcing partners or cloud service providers. They should consolidate and centrally manage user identities and access. Privileged access should be logged, monitored and audited. The integration of privileged access management measures with security infrastructure can ensure comprehensive protection.

The full report of the "Study on Privileged Access Governance in Hong Kong Enterprises" can be downloaded from the following link: http://u.hkpc.org/hk_pag.