Ex-employees can, on average, access confidential data a week or more after leaving a company.
The latest research by Centrify Corp. reveals that a third of UK IT decision makers (32%) believe it would be ‘easy’ for a former employee to log in and access systems or information with old passwords. Although half (49%) say ex-employees and contractors/third parties are ‘off-boarded’ the day they leave, over half also admit that it can take up to a week or more to remove access rights and passwords to sensitive data for someone no longer with the company.
The question of who has root or privileged-level access to systems is also a concern. A full 40% of UK IT decision-makers working for companies with 500+ employees, and 50% working in companies with fewer than 500 employees, say that more than 10% of staff have privileged access to data—potentially exposing confidential and highly sensitive information to both insider threats and external breaches.
According to the findings, 57% in the UK admit their organization needs to do a better job of monitoring who is accessing data.
The findings also reveal interesting differences between the two countries in terms of monitoring who has access to what data within organizations, especially when it comes to privilege access to the so-called ‘keys to the kingdom’—an organization’s most critical data, applications and network devices.
While it’s a third in the UK, a full 53% of respondents in the US said that it would be ‘easy’ for an employee who has left the company to log in and access systems or information with old passwords.
Just over a third (34%) in the UK (59% in the US) admit they share access credentials with other employees often and 32% in the UK (52% in the US) share access with contractors. Among those who allow contractors to have access to their systems, 68% in the UK (82% in the US) believe it would be possible for them to access data with old passwords.
“It’s the equivalent of providing the front door key to your house—and you’d be very, very careful who you gave that to,” explained Barry Scott, CTO EMEA at Centrify.
The survey also reveals that nearly half (45% in the UK compared to 55% in the US) of organizations have suffered a security breach at some point in the past. And half of decision-makers say that security is in the top three biggest IT challenges in the next 12 months. A quarter of UK respondents (26%) said that they suspected that attempts had been made in the last week, while one in seven (14%) said that their systems may have suffered attempted security breaches in the last hour.
“The challenge is that modern enterprises have their infrastructure both on-premises and in the cloud, they have a mobile workforce and IT users may be their own employees, temporary contractors or from external companies,” Scott added. “Privileged accounts are a very attractive target for hackers. It’s surprising that experienced IT decision makers like this are admitting that their organizations need to do a better job of monitoring who has access to their data, despite high profile incidents like Sony, JP Morgan and Target and the knowledge that breaches can potentially cost them millions of pounds.”