Redundancies and corporate re-organisations are an unfortunate reality in todays economic climate. Too often, businesses leave themselves vulnerable to a data breach or serious security incident during the redundancy cycle by not immediately revoking the network and application access points of terminated employees.
Security threats from inside the organisation are not a new phenomenon, but layoffs and economic uncertainty can significantly exacerbate the problem. A recent Cyber-Ark survey, The Global Recession and its Effect on Work Ethics, found that 71 per cent of the employees surveyed declared they would definitely take company data with them to their next employer.
The study further stated that "top of the list of desirable information is the customer and contact databases, with plans and proposals, product information, and access/password codes all proving popular choices.
Moreover, the Jobs at Risk = Data at Risk survey published by the Ponemon Institute, found that 59 per cent of employees who were laid off, terminated, or who quit their jobs in the last 12 months admitted to stealing company data, and 67 per cent admitted to using their former companys confidential information to leverage a new job.
An employee gone bad
When a security incident of this nature occurs, we tend to file it away as an example of an employee gone bad. In reality, it constitutes a failure of the organisation to uphold its responsibility on behalf of the business to manage, control and monitor the power it provides to its employees and systems.
At a basic level, the organisation and its management has a fiduciary responsibility to ensure that access to critical information and applications is authorised and that it is continually monitored to make sure the resulting activity is authorised as well. The failure stems from the perception of control an organisation has over its most sensitive networks, systems and devices.
The threat to an organisation is increased exponentially when the access is through administrative, shared or privileged accounts. These represent the most powerful IT users in an organisation, often providing wide-ranging access to most systems, application or database within the enterprise.
These privileged identities, which exist on virtually every one of the thousands of servers and applications within a typical enterprise, very rarely get changed, due to the presumed extra IT effort involved and the need to communicate the new settings to the IT staff, which, if not done effectively, could potentially impede or slow down an administrator doing a time-critical task.
This type of uncontrolled access can lead to dire situations. In fact, failure to control these privileged identities led to two of the more critical security incidents in the past year.
Sign up for Computerworld eNewsletters.