Whenever the risks from the insider threat are discussed, the focus is usually on the disgruntled or malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network.
But there's an insider on the outside that's often forgotten -- the ex-employee with access to user accounts (and default settings) that remain active after he or she has left the company.
A survey from Symark International drives home the point:
The study revealed that 42 percent of businesses do not know how many orphaned accounts exist within their organization, and 30 percent of respondents said they have no procedure in place to locate orphaned accounts.
That's not a surprise at all. I've interviewed CIOs and CSOs for feature stories in the past about this issue and I'm always amazed at how few resources are allocated to deal with the insider on the outside. Too often, e-mail accounts of ex-employees are never disabled; default passwords for access to sensitive parts of an IT environment are never changed, leaving gaping holes through which valuable data can be stolen.
Other key findings from the survey include:
- Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.
- More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.
- More than 38 percent of respondents said that they had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.
The big takeaway: Businesses must invest in and implement policies and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company. This is especially true for large, international enterprises managing locations across the globe.