By: David Kelleher

David Kelleher — Thu, 12 Nov 2009 09:31:47 +0000

Thanks John. The statistics are worrying, to say the least. Our own research in September in the US and last month in France shows that SMBs are too trusting and that they pay too little attention to insiders. It also amazing how IT managers can be largely unaware of employee access to their systems. I think this is an area that needs to be addressed much more by the security community.

By: John Mello

John Mello — Wed, 11 Nov 2009 20:56:48 +0000

While taking appropriate and immediate action when an employee resigns or his or her role is terminated will ensure that security is not compromised, many corporations still underestimate the risks sacked workers pose to their operations. Just how clueless many organizations are to those risks was revealed in a study (http://www.courion.com/company/press_release.html?id=408) released this summer by the Courion Corporation, which specializes in access governance, provisioning and compliance. Among study’s findings were that

–53 percent of IT managers are largely unaware of employee access rights to their systems;

–48 percent of companies take more than one business day to alert their IT departments that an employee has been terminated;

–23 percent of the firms take an additional day or more to switch off a terminated employees access to their systems;

–34 percent of business managers acknowledged it could take up to a week before they were certain a terminated employee’s access ws shut off.

–9 percent of the companies admitted they could never be completely certain they’d cut off their former employees’ access.

“These figures suggest that IT administrators may be overconfident in their ability to prevent data breach threats from zombie accounts,” Courion said, “which can cost organizations millions of dollars in damages and tarnish brand reputation.”

Comments on: When employees bite back – Security in organizations

By: David Kelleher

By: John Mello