A global study indicates that disgruntled former employees (or threat actors taking advantage of them) have a widespread opportunity to cause harm within companies—because their IT accounts remain active, often months after they leave their jobs.
One of the easiest ways for malicious outsiders, or even insiders, to gain access into an organization’s IT network is by stealing user credentials such as user names and passwords. Once access is secured, a series of lateral movements and privilege escalation activities can procure access to the type of information and systems that are most coveted by bad actors, such as a CEO’s email, customer or citizen personally identifiable information or financial records. The more time inactive accounts are available to bad actors, the more damage can potentially be done, including data loss, theft and leakage.
Nonetheless, an identity and access management (IAM) study, which surveyed 913 IT leaders across several countries, found that 70% of respondents lack confidence that accounts of former employees are fully deactivated in a timely manner. Only 14% said they remove access for users immediately upon a change in HR status. Yet despite this lack of best practice, 71% said they are concerned about the risk represented by dormant accounts.
Also, while 97% have a process for identifying dormant users, only 19% have tools to aid in finding them. As a result, a full 84% of respondents said it takes a month or longer to discover forgotten dormant accounts.
Additionally, just 9% are confident that they have no dormant accounts, and about a third (36%) are “very confident” they know which dormant user accounts exist.
Overall, the report spotlighted how common security best practices—such as timely removal of access to corporate data and applications, dormant account identification and role administration—continue to be a challenge and concern for organizations worldwide. For instance, only one in four are “very confident” that user rights and permissions in their organizations are correct for the individuals’ roles, and only 11% audit enterprise roles more frequently than monthly.
The survey also found that user account access and management challenges are not limited to legacy systems and data, but also are relevant for newer technologies such as file-sync-and-share services like Box and Dropbox. Only 14% of respondents report deprovisioning access to these accounts in a centralized/automated manner.
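The findings above describe three gaps: access that survives an HR status change, dormant accounts that nobody notices for a month or more, and orphaned accounts that no central process ever deprovisions. The script below is an added example (not code from the article or from the company that commissioned the survey) showing how a defender can reconcile an HR roster against a directory export to surface all three cases. The roster, the account list, the 90-day dormancy threshold and the reference date are constructed sample data; in practice the two inputs would come from the HR system and from an export of the identity provider or directory.

```python
from datetime import date, timedelta

# Constructed sample data (assumptions for this example, not from the article).
TODAY = date(2024, 6, 1)          # reference date for age calculations
DORMANT_AFTER_DAYS = 90           # no logon for this long => dormant

# HR roster keyed by employee id: the authoritative source of who should have access.
HR_ROSTER = {
    "e1001": {"name": "alice", "status": "active"},
    "e1002": {"name": "bob", "status": "terminated", "end_date": date(2024, 2, 15)},
    "e1003": {"name": "carol", "status": "active"},
}

# Directory export: one row per account, with the employee id it was provisioned for.
DIRECTORY_ACCOUNTS = [
    {"user": "alice", "employee_id": "e1001", "enabled": True, "last_logon": date(2024, 5, 30)},
    {"user": "bob", "employee_id": "e1002", "enabled": True, "last_logon": date(2024, 2, 14)},
    {"user": "carol", "employee_id": "e1003", "enabled": True, "last_logon": date(2024, 1, 20)},
    {"user": "svc-backup", "employee_id": None, "enabled": True, "last_logon": None},
    {"user": "dave", "employee_id": "e1004", "enabled": False, "last_logon": date(2023, 1, 5)},
]


def find_risky_accounts(accounts, roster, today=TODAY, dormant_after=DORMANT_AFTER_DAYS):
    """Reconcile directory accounts against the HR roster.

    Returns a list of findings, each a dict with the account name, a reason code
    ("terminated_still_enabled", "orphaned" or "dormant") and a human-readable detail.
    Disabled accounts are skipped: they are already deprovisioned.
    """
    cutoff = today - timedelta(days=dormant_after)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        emp = roster.get(acct["employee_id"]) if acct["employee_id"] else None
        if emp is None:
            # Enabled account with no HR owner: nothing will ever trigger its removal.
            findings.append({"user": acct["user"], "reason": "orphaned",
                             "detail": "enabled account with no HR record"})
        elif emp["status"] == "terminated":
            # Access survived the HR status change; report how long it has lingered.
            days_since = (today - emp["end_date"]).days
            findings.append({"user": acct["user"], "reason": "terminated_still_enabled",
                             "detail": f"still enabled {days_since} days after termination"})
        if acct["last_logon"] is None or acct["last_logon"] < cutoff:
            # Dormant regardless of HR status: unused credentials are still usable by an attacker.
            findings.append({"user": acct["user"], "reason": "dormant",
                             "detail": f"no logon in the last {dormant_after} days"})
    return findings


def summarize(findings):
    """Count findings per reason code, the numbers a team would track over time."""
    counts = {}
    for f in findings:
        counts[f["reason"]] = counts.get(f["reason"], 0) + 1
    return counts


if __name__ == "__main__":
    results = find_risky_accounts(DIRECTORY_ACCOUNTS, HR_ROSTER)
    for f in results:
        print(f"{f['user']:12} {f['reason']:26} {f['detail']}")
    print(summarize(results))
```

Running the reconciliation on the sample data flags bob (terminated in February but still enabled, and dormant), carol (active in HR but no logon in over 90 days) and svc-backup (an enabled account with no HR owner and no recorded logon), while alice and the already-disabled dave produce nothing. Scheduling this daily, rather than relying on a manual review, is what closes the month-or-longer discovery window the survey describes.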
“Today, when employees leave an organization or change roles within the same organization, it’s more critical than ever that any access rights to the corporate network, systems and data are revoked or modified to match their new status,” said John Milburn, president and general manager of the company contracting the study.
“The overwhelming lack of confidence that organizations are doing this in a timely manner means they are still grappling with these same critical issues, offering up a gaping security hole for former employees or hackers to exploit those identities and wreak havoc for hours, weeks or even months to come. Those that don’t finally get this under control are more likely than ever to suffer a significant breach, and all of the resulting major impacts on reputation, brand and stock valuation.”