One of the things that any cybersecurity professional is taught, especially if they are going for a certification like the CISSP, is how to keep information secure from employees. This is especially the case if an employee is leaving a company. Basic security protocol states that all access, from logins to entry badges, must be universally revoked. Unfortunately, some corporations do not follow proper exit procedures to protect their data from ex-employees, and it appears the problem is worse than previously thought.
According to a report from OneLogin, a massive amount of companies still allow (most likely due to negligence) ex-employees access to various applications. The report is derived from a study OneLogin performed with “500 U.S.-based IT decision makers” in which each individual worked “in a corporate IT department where they have some-level of responsibility over the company’s IT security.”
The findings of the quantitative survey were alarming, to put it mildly. It was found that roughly 44 percent of IT professionals surveyed believed that their companies had not revoked access to the network from ex-employees. Directly correlating with this is the revelation that "according to 20 percent of the respondents, failure to deprovision employees from corporate applications has contributed to a data breach at their organization."
The fact that the most basic protocols are being ignored shows just how poorly trained IT divisions in major companies are. We wonder how massive security breaches occur, especially when it involves the most sensitive data, but this study without a doubt shows the truth behind these breaches. An insider with access is the most dangerous to your company's security, more than any malware or phishing email.
So how do we respond as a cybersecurity community to these revelations? OneLogin suggests a security information and event management (SIEM) system, which they expand on in the below quote:
A SIEM solution can help monitor employee app. usage to detect threats to the corporate network. Integrating a SIEM solution with the company’s identity and access management system can help enforce login policies across their entire application portfolio to provide businesses another layer of security.
Whatever the process is, upper management at any company, especially at a major corporation with major economic influence, must closely evaluate the deprovision protocols they follow.
Photo credit: Pixabay