The very real problem of ghost employees

by Vincent Goh, Senior VP, Asia Pacific and Japan, CyberArk

Beware of ghosts! From time to time we hear spooky reports of supernatural activity in Singapore’s offices, but these are urban legends. In the real world, a much greater threat is posed by “ghost employees” - former staff members who have held on to working login details and credentials.

Although there is increasing awareness of cybersecurity issues here, this heightened consciousness is not necessarily translating into positive action. Too many businesses are leaving doors open for attackers to target sensitive data and assets through ghost employees. The fact is that too many flesh-and-blood office workers have been afforded unfettered access to sensitive company data.

Ghost employees are a major concern for any organisation – they not only elevate the risk of key company applications, tools and data being breached in the event of a cyberattack, but also provide a potential route for disgruntled employees or rival businesses to manipulate existing data, causing serious administrative and financial damage.

Generally, businesses operating in countries that have more advanced ICT infrastructure and a bigger digital economy face greater cyber risks. For example, Korea, Australia, Japan and Singapore have been found to be nine times more vulnerable to cyberattacks than other Asian economies.

As we have seen with nearly every recent major cyberbreach in Singapore, from Uber to Microsoft’s customer support portal, credential theft remains the most common and effective route to a successful cyberattack. A lax approach to protecting high-value or privileged accounts can directly elevate the risk of such an attack or a major data breach, in the event of employees’ credentials being harvested. It is therefore clearly essential to manage privileged access.

Organisations need to integrate cutting-edge new security technologies into their strategies, such as biometric security techniques, including fingerprint and retinal scans and embedded microchips. Smart devices, however, present a great cause for concern. As these technologies become more and more prevalent, it’s vital that their access to company tools and applications is managed in the same way as that of any other device within a corporate network.

Whether for new wearable devices or more established business development, HR or payroll systems, a lack of credentials management means businesses remain vulnerable to the seizure of critical company IP through credentials-based attacks. Forging a more secure digital future begins with adopting an effective privileged access management policy, which limits individuals’ ability to escalate privileges and subsequently reduces their access to sensitive systems – ultimately reducing the number of vectors attackers can seek to exploit.
