Saturday, 7 June 2014

Thousands of ex-workers in IT “still have password” for old jobs

Ex-employees often still have full access to the network of their previous employer, leaving the company open to “revenge attacks” – or just practical jokes.
Around 13% of employees boast that they still have full access to the systems of their previous employers, Help Net Security reports. Many others have access to two or three. Of those who had acesss to one previous employer, 16% of those polled said that they could access the systems of everyone they had ever worked for.
The survey was conducted at a recent IT conference, and 270 current IT workers answered the questionnaire. Workers who still had access to one previous employer didn’t stop there, the survey found.
Of those who had access to one previous employer’s systems, nearly a quarter could still access their last two employers, and 16% said they could access the network of every company they ever worked for.
Shockingly, while 84% of companies had strict policies on allowing contractors permanent access to networks, 16% did not, the report said.
Leaked credentials are often the “key” to large-scale data breaches. In Verizon’s report on corporate security in 2013, We Live Security reported that more than three-quarters (76%) of network intrusions relied on weak or stolen credentials – a risk that Verizon describes as “easily preventable”.
Philip Lieberman, CEO and President of Lieberman Software, said: “The results of this research shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of controlling privileged logins, is potentially paving the way for a further wave of data breaches.”
“Organizations must implement a policy where privileged account passwords are automatically updated on a frequent basis, with unique and complex values. That way, when an employee does leave the company, he is not taking the password secrets that can gain access to highly sensitive systems.”

No comments:

Post a Comment