Centrify survey reveals ex-employees have access to confidential data up to a week or more after leaving a company
One in three say it is ‘easy’ for ex-employees to access systems or information with old passwords
Companies in the UK admit that former employees who have access to corporate systems and data through old passwords and access rights could be putting them at risk of a security breach. This is according to figures from the latest research by Centrify Corporation, the leader in securing identities from cyber threats.
The findings, from Centrify’s ‘State of the Corporate Perimeter’ survey of 400 UK and US IT decision makers (ITDMs), show that when it comes to the risks posed by ex-employees, almost a third (32 per cent) of UK respondents believe that it would be ‘easy’ for an employee who has left the company to log in and access systems or information with old passwords. This compares to 53 per cent of respondents in the US.
Although half (49 per cent) say ex-employees and contractors/third parties are ‘off-boarded’ the day they leave, over half also admit that it can take up to a week or more to remove access rights and passwords to sensitive data for someone no longer with the company.
The question of who has root or privileged level access to systems is also a concern. Forty per cent of UK ITDMs working for companies with 500+ employees and 50 per cent working in companies with less than 500 employees say that more than 10 per cent of staff have privileged access to data – potentially exposing confidential and highly sensitive information to both insider threats and external breaches.
“Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’. It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to,” explains Barry Scott, CTO EMEA at Centrify.
The survey also reveals that nearly half (45 per cent in the UK compared to 55 per cent in the US) of organisations have suffered a security breach in the past. A quarter of UK respondents (26 per cent) suspect attempts have been made in the last week, while one in seven (14 per cent) say that their systems may have suffered attempted security breaches in the last hour. According to the findings, 57 per cent in the UK admit their organisation needs to do a better job of monitoring who is accessing data.
Scott adds: “The challenge is that modern enterprises have their infrastructure both on-premises and in the cloud, they have a mobile workforce and IT users may be their own employees, temporary contractors or from external companies. Privileged accounts are a very attractive target for hackers. It’s surprising that experienced IT decision makers like this are admitting that their organisations need to do a better job of monitoring who has access to their data, despite high profile incidents like Sony, JP Morgan and Target and the knowledge that breaches can potentially cost them millions of pounds.”
Other key findings:
- Half of ITDMs say that security is in the top three biggest IT challenges in the next 12 months
- Just over a third (34%) in the UK (59% in the US) admit they share access credentials with other employees often and 32% in the UK (52% in the US) share access with contractors
- Among those who allow contractors to have access to their systems, 68% in the UK (82% in the US) believe it would be possible for them to access data with old passwords.
The Centrify ‘State of the Corporate Perimeter’ research report was conducted online, surveying 200 IT decision-makers (ITDMs) in organisations in the UK and 200 in the US. The survey was conducted between April 27 and April 30, 2015. In the UK, half of the ITDMs worked for companies with <500 employees and half worked for companies with 500+.
Centrify strengthens enterprise security by managing and securing identities from cyber threats. As organizations expand IT resources and teams beyond their premises, identity is becoming the new security perimeter. With our platform of integrated software and cloud-based services, Centrify uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data center. The result is stronger security and compliance, improved business agility and enhanced user productivity through single sign-on. Over 5000 customers, including half of the Fortune 50 and over 80 federal agencies, leverage Centrify to secure identities. Learn more at www.centrify.com.