3 in 4 companies risk serious security breach from ex-employees

More than three quarters of organisations are risking serious security breaches from former employees by not severing ties effectively, according to new research by IS Decisions.

Only 24% of companies follow strict post-employment processes to ensure that employees no longer have access to company-sensitive information once they have left. The findings are part of research in IS Decisions’s report, User security in 2015: the future of addressing insider threat, based on a survey of 250 IT professionals in the UK and 250 in the US.

This major security oversight tallies with research from the employee’s perspective conducted by IS Decisions in 2014, which found that over a third of users are still aware of having access to systems — with nearly 1 in 10 regularly accessing systems after having left the company.

François Amigorena, CEO of IS Decisions, said: “It’s often easy for companies to overlook post-employment processes when they’re worrying more about the behaviour of current employees.

“However, an employee on the outside with access to your systems can be as dangerous as any hacker or virus — and often your threat detection systems won’t pick up a former employee because it thinks the employee has genuine authority to access systems.

“Threats can go undetected for months, leaving a huge open window for attack. A simple employee exit checklist can help mitigate these threats.”

The new report also found that IT professionals are calling for more help to tackle the issue of insider threat. The research found that an overwhelming 91% want to see industry-wide collaboration on the issue, 78% want clearer guidelines, and only 43% see senior management taking enough responsibility for insider threat.

And while 67% state they plan to look at specific tools, technology and data to help tackle insider threat, the tools are not likely to be effective in isolation. Research found 57% of insider threat programmes will include organisation-wide training — demonstrating that a joined-up approach is essential for internal security.

The report is available to download via the IS Decisions website: User security in 2015: the future of addressing insider threat