Orphaned Accounts: Did The Quora Hack Reveal Hidden Dangers?

477

From watching funny cat videos to checking the latest news, we are all familiar with the exchange of personal data (email address information, and the like) for services. But, could we be becoming dangerously complacent? Studies reveal that 57 per cent of British consumers are concerned about how much personal data they have previously shared online. Often, we’ve even lost track and are unsure of what we have shared, when we have shared it, and most crucially who we have shared it with. Concerningly, this uncertainty around data sharing and user accounts isn’t exclusive to consumers, it is common with enterprise users as well.

Organisations today aren’t just dealing with securing customer information, they’re also tasked with protecting employees and their access to important business applications and data. Throw seasonal staff, temporary and contract workers, plus internal moves across full and part-time staff into the mix, and without a programme such as identity governance to monitor this, hidden minefields are created – that of orphaned accounts (dormant accounts of former employees), for example. Just one of these accounts could give a hacker instant access to the organisation, and its sensitive data.

The weakness that hackers are increasingly taking advantage of is a lack of central visibility into user access across applications and data. This is where identity governance plays a critical role in helping companies see, understand and govern all access across their user population. Stolen employee credentials have become a significant threat to many businesses as hackers have turned their focus here as a lucrative inroad to gaining access to sensitive organisational information.

It might be tempting to overlook the risks and postpone the implementation of vital protective technologies such as identity governance, but the financial and reputational costs of data breaches should be incentive enough for organisations to adopt a proactive mindset. In fact, our research shows that the average cost of dealing with a breach is almost £700,000 per company, per breach. No company can afford that hit to the bottom line.

Companies don’t need to just rethink who has access to what but how to monitor it. This is where innovative solutions like identity governance come in. By making a fundamental shift to an identity-based cybersecurity programme, companies can more easily identify orphaned accounts and keep access proportional to employee needs. As well as drastically reducing the risk of a hack through legitimate credentials, it also brings beneficial culture change, from improving employee habits to allowing an organisation to quickly and easily audit and manage access throughout the organisation.

There are many steps to take to mitigate and shut down a breach once it’s happened, and every organisation should have a response plan in place. While no company today is safe from an attack, all organisations can be proactive in how they plan for the inevitable. By implementing an identity governance platform that can adapt to today’s ever-evolving world of non-linear careers and workplace technology, organisations can stay one step ahead of the hackers.

Paul Trulove
Paul Trulove, Chief Product Officer at SailPoint

Paul Trulove Web Site
In this article