Dormant employee accounts a major cyber risk for Singapore businesses
The ways Singapore businesses manage accounts used to access data, IT infrastructure and systems are leaving major gaps that could lead to major security and compliance deficiencies, according to One Identity.
Security best practices such as removal of access to corporate data, dormant account removal and role administration are still a challenge – 81% of Singapore respondents are not confident that their former employees' accounts have been deactivated in a timely manner.
“With organizations across the Asia Pacific region facing increased cyber threats, IT and business leaders need to evaluate their identity-related security strategies,” says Lennie Tan, VP of One Identity, Asia Pacific - Japan.
Although 99% of organizations have methods that can identify dormant users, only 22% have tools that can help find those users.
Best practices state that employee accounts that are no longer used should be deactivated. If an employee changes roles, new access rights must be granted and older, irrelevant ones must be retired.
Only 5% of Singapore respondents audit enterprise roles more frequently than monthly, the report also found.
Dormant accounts are open invitations for hackers, disgruntled employees or other actors who can exploit the accounts and gain access to sensitive information. In some cases, data breaches and compliance violations can occur.
Seven percent of respondents in Singapore say they remove access for users immediately upon a change in HR status.
Dormant accounts are not just about internal system accounts, but access to cloud accounts and share services such as Dropbox.
“The alarming results of our study prove that organizations in Singapore are exposing unsecured identities and creating security holes for hackers to exploit. Those that don't adopt stronger defenses and innovative solutions to mitigate the growing risk more quickly, might face serious consequences including reputation and financial loss," Tan continues.
These attacks occur through credential-based attack methods, such as user names and passwords. Once attackers gain access, they can move laterally and escalate privileges to find sensitive information such as a CEO's email, customer or employee personally identifiable information or financial records.
With every additional inactive account, the more potential damage could be done, such as data loss, leakage and theft, the company says.
“Exploitation of excessive or inappropriate entitlements remains a goldmine for threat actors who will then capitalize on access to gain a foothold in an organization to steal data or inject malware,” comments Jackson Shaw, senior director of Product Management for One Identity.
One Identity's study gained responses from 913 IT security professionals from Singapore, Australia, Hong Kong, Australia, France, Germany, Canada, the US and the UK.