Story image

Dormant employee accounts a major cyber risk for Singapore businesses

09 Oct 2017

The ways Singapore businesses manage accounts used to access data, IT infrastructure and systems are leaving major gaps that could lead to major security and compliance deficiencies, according to One Identity.

Security best practices such as removal of access to corporate data, dormant account removal and role administration are still a challenge – 81% of Singapore respondents are not confident that their former employees’ accounts have been deactivated in a timely manner.

“With organizations across the Asia Pacific region facing increased cyber threats, IT and business leaders need to evaluate their identity-related security strategies,” says Lennie Tan, VP of One Identity, Asia Pacific & Japan.

Although 99% of organizations have methods that can identify dormant users, only 22% have tools that can help find those users.

Best practices state that employee accounts that are no longer used should be deactivated. If an employee changes roles, new access rights must be granted and older, irrelevant ones must be retired.

Only 5% of Singapore respondents audit enterprise roles more frequently than monthly, the report also found.

Dormant accounts are open invitations for hackers, disgruntled employees or other actors who can exploit the accounts and gain access to sensitive information. In some cases, data breaches and compliance violations can occur.

Seven percent of respondents in Singapore say they remove access for users immediately upon a change in HR status.

Dormant accounts are not just about internal system accounts, but access to cloud accounts and share services such as Dropbox.

“The alarming results of our study prove that organizations in Singapore are exposing unsecured identities and creating security holes for hackers to exploit. Those that don’t adopt stronger defenses and innovative solutions to mitigate the growing risk more quickly, might face serious consequences including reputation and financial loss," Tan continues.

These attacks occur through credential-based attack methods, such as user names and passwords. Once attackers gain access, they can move laterally and escalate privileges to find sensitive information such as a CEO’s email, customer or employee personally identifiable information or financial records.

With every additional inactive account, the more potential damage could be done, such as data loss, leakage and theft, the company says.

“Exploitation of excessive or inappropriate entitlements remains a goldmine for threat actors who will then capitalize on access to gain a foothold in an organization to steal data or inject malware,” comments Jackson Shaw, senior director of Product Management for One Identity. 

One Identity’s study gained responses from 913 IT security professionals from Singapore, Australia, Hong Kong, Australia, France, Germany, Canada, the US and the UK.

Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.
How to avoid becoming a cryptojacking victim - Bitglass
Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.