Survey: Orphaned Accounts Remain Problem For Organizations
Symark International recently announced the results of a survey of more than 850 security, IT, HR and C-level executives across all industries.
Conducted by eMediaUSA, the survey focused on orphaned accounts -- user accounts that remain active after an employee has left a company -- and the processes organizations have in place to locate and terminate them. The study revealed that 42 percent of businesses do not know how many orphaned accounts exist within their organization, and 30 percent of respondents said they have no procedure in place to locate orphaned accounts.
“Orphaned accounts represent a significant problem among organizations across all industries. Unfortunately, many IT staffs tend to be overworked and as a result, these open accounts are often overlooked,” said Sally Hudson, research director, security products and services for IDC. “Whenever an employee leaves an organization, IT and security administrators should make it a priority to shut down their access immediately. Failure to do so creates gaping holes through which hackers -- or malicious insiders who are familiar with the IT environment -- can access and pilfer sensitive material.”
Other key findings from the survey include:
- Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.
- More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.
- More than 38 percent of respondents said that had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.
“By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety. However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity,” said Bob Farber, chief operating officer at Symark International. “As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector. It is clear that organizations must implement polices and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe.”