A Fifth of Orgs Suffer Breaches Thanks to Ex-Employee Network Access
Failure to deprovision employees has caused a data breach at 20% of the companies represented in a recent survey—indicating that once again, unforced errors are rampant causes of cyber-incidents.
The study, from OneLogin, shows that half (48%) of respondents are aware of former employees who still have access to corporate applications. Meanwhile, a quarter of respondents said their companies take more than a week to deprovision a former employee, and a quarter said they don’t know how long accounts remain active once the employee has left the company.
“The bottom-line is that companies aren’t following very basic but essential security measures around employee provisioning and deprovisioning,” said Alvaro Hoyos, chief information security officer, OneLogin. “This should be a cause for concern among business leaders, especially considering how many data breaches are caused by ex-employees.”
The study found that close to half (44%) of respondents lack confidence that former employees have been removed from corporate networks at all. This points to an increasing need for companies to use a security information and event management (SIEM) system, of which nearly half (41%) aren’t currently using. A SIEM solution can help monitor employee app usage to detect threats to the corporate network.
“That said, at least now we’re at a point where we are acknowledging there is a problem,” added Hoyos. “The next step is going to be for IT decision-makers to be proactive about addressing this issue. Modern enterprises need technology that can automate the provisioning processes to help companies become more secure, productive, and efficient.”
Source: Information Security Magazine