Companies in the UK admit that former employees who have access to corporate systems and data through old passwords and access rights could be putting them at risk of a security breach.
The findings, from Centrify’s 'State of the Corporate Perimeter’ survey of 400 UK and US IT decision makers (ITDMs), show that when it comes to the risks posed by ex-employees, almost a third (32 percent) of UK respondents believe that it would be ‘easy’ for an employee who has left the company to log in and access systems or information with old passwords. This compares to 53 percent of respondents in the US. Although half (49 percent) say ex-employees and contractors/third parties are ‘off-boarded’ the day they leave, over half also admit that it can take up to a week or more to remove access rights and passwords to sensitive data for someone no longer with the company. The question of who has root or privileged level access to systems is also a concern.
Forty percent of UK ITDMs working for companies with 500+ employees and 50 percent working in companies with less than 500 employees say that more than 10 percent of staff have privileged access to data – potentially exposing confidential and highly sensitive information to both insider threats and external breaches. “Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’. It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to,” explains Barry Scott, CTO EMEA at Centrify. The survey also reveals that nearly half (45 percent in the UK compared to 55 percent in the US) of organisations have suffered a security breach in the past. A quarter of UK respondents (26 percent) suspect attempts have been made in the last week, while one in seven (14 percent) say that their systems may have suffered attempted security breaches in the last hour. According to the findings, 57 percent in the UK admit their organisation needs to do a better job of monitoring who is accessing data.
Scott adds: “The challenge is that modern enterprises have their infrastructure both on-premises and in the cloud, they have a mobile workforce and IT users may be their own employees, temporary contractors or from external companies. Privileged accounts are a very attractive target for hackers. It’s surprising that experienced IT decision makers like this are admitting that their organisations need to do a better job of monitoring who has access to their data, despite high profile incidents like Sony, JP Morgan and Target and the knowledge that breaches can potentially cost them millions of pounds.” Other key findings: Half of ITDMs say that security is in the top three biggest IT challenges in the next 12 months. Just over a third (34 percent) in the UK (59 percent in the US) admit they share access credentials with other employees often and 32 percent in the UK (52 percent in the US) share access with contractors. Among those who allow contractors to have access to their systems, 68 percent in the UK (82 percent in the US) believe it would be possible for them to access data with old passwords.
The Centrify ‘State of the Corporate Perimeter’ research report was conducted online, surveying 200 IT decision-makers (ITDMs) in organisations in the UK and 200 in the US. The survey was conducted between April 27 and April 30, 2015.