Story image

Dormant employee accounts a major cyber risk for Singapore businesses

09 Oct 17

The ways Singapore businesses manage accounts used to access data, IT infrastructure and systems are leaving major gaps that could lead to major security and compliance deficiencies, according to One Identity.

Security best practices such as removal of access to corporate data, dormant account removal and role administration are still a challenge – 81% of Singapore respondents are not confident that their former employees’ accounts have been deactivated in a timely manner.

“With organizations across the Asia Pacific region facing increased cyber threats, IT and business leaders need to evaluate their identity-related security strategies,” says Lennie Tan, VP of One Identity, Asia Pacific & Japan.

Although 99% of organizations have methods that can identify dormant users, only 22% have tools that can help find those users.

Best practices state that employee accounts that are no longer used should be deactivated. If an employee changes roles, new access rights must be granted and older, irrelevant ones must be retired.

Only 5% of Singapore respondents audit enterprise roles more frequently than monthly, the report also found.

Dormant accounts are open invitations for hackers, disgruntled employees or other actors who can exploit the accounts and gain access to sensitive information. In some cases, data breaches and compliance violations can occur.

Seven percent of respondents in Singapore say they remove access for users immediately upon a change in HR status.

Dormant accounts are not just about internal system accounts, but access to cloud accounts and share services such as Dropbox.

“The alarming results of our study prove that organizations in Singapore are exposing unsecured identities and creating security holes for hackers to exploit. Those that don’t adopt stronger defenses and innovative solutions to mitigate the growing risk more quickly, might face serious consequences including reputation and financial loss," Tan continues.

These attacks occur through credential-based attack methods, such as user names and passwords. Once attackers gain access, they can move laterally and escalate privileges to find sensitive information such as a CEO’s email, customer or employee personally identifiable information or financial records.

With every additional inactive account, the more potential damage could be done, such as data loss, leakage and theft, the company says.

“Exploitation of excessive or inappropriate entitlements remains a goldmine for threat actors who will then capitalize on access to gain a foothold in an organization to steal data or inject malware,” comments Jackson Shaw, senior director of Product Management for One Identity. 

One Identity’s study gained responses from 913 IT security professionals from Singapore, Australia, Hong Kong, Australia, France, Germany, Canada, the US and the UK.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.