Over a third (36 percent) of desk-based workers in the UK and the US are aware of having continued access to a former employer’s systems or data, with nearly one in 10 actually accessing it. With comment from Francois Amigorena, CEO of IS Decisions.
Organisations in the UK and the US are neglecting to deploy vigilant post termination processes, allowing ex-employees continued access to systems and data after they have left their position, research from security software provider IS Decisions has revealed. Over a third (36 percent) of desk-based workers in the UK and the US are aware of having had access to a former employer’s systems or data after having left the organisation. This finding, explored in IS Decisions new report ‘From Brutus to Snowden: a study of insider threat personas’, potentially highlights an even bigger problem, as an even greater number of ex-employees may still have access to data without even realising it.
It also differs wildly across age groups, with a much larger 58 percent of 16 to 24 year olds and 48 percent of 25 to 34 year olds stating awareness of having had continued access to a former employer’s systems or data. This continues to decrease for older age groups, averaging just 21 percent for those aged over 55, which could be attributed to younger age groups moving jobs more frequently, but does suggest that the issue is a growing one. Of the 36 percent that were aware of their continued access, 9 percent actually chose to use it, meaning nearly one in 10 ex-employees access systems or data from their former employers. Once again, this tended to be higher for younger age groups, averaging 13 percent for all those aged 16 up to 34.
The worst industry sectors for allowing their ex-employees to continue to access systems are surprising, with HR and recruitment and IT being the joint top, along with arts and culture at 46 percent. This suggests that those industries that should know better, are in fact worse than the rest. The most likely job role for an ex-employee with continued systems or data access to have is marketing, with a huge 68 percent of this sample stating this was the case. The next highest is potentially even more worrying, with 56 percent of those handling sensitive company data working in legal roles continuing to have access after leaving an employer.
François Amigorena, CEO of IS Decisions, said, “As the number of disparate systems and networks we use in our every day working lives increases, it’s natural that access management is becoming a more difficult problem to address for organisations. Marketing departments apparently suffer from this worst of all; between email, social media, CRM systems and everything else there is a lot to cover. “The fact is though, that an ex-employee is more likely to have incentive than anyone to put this access to malicious use. Former employees are probably the greatest insider threat, yet they are the easiest to address; just make changing passwords and deactivating accounts a part of the termination process. Yet businesses are failing to do this, and worse still businesses in the industries you would most expect this to be standard procedure, IT and HR, are failing even more than the rest.”
Commenting on the response from the Department for Business, Innovation and Skills to the Feltag recommendations, Kirstie Donnelly, UK Managing Director of City & Guilds said:“It is good to see the spotlight on the need for better education around digital skills. But as today's report shows, the extent of the UK’s digital skills gap is a big concern. We need to do much more to protect our growing tech industries so we can compete in the global economy. Research City & Guilds conducted last year painted a worrying picture of the shortage of suitably skilled recruits from the UK. Almost three quarters of employers in the IT, Digital and Information Services Sector said their industry faces skills gaps. And 47 percent of all the employers we spoke to said that the education system isn’t meeting the needs of business. Something needs to change. ‘It’s time to look again at the skills we are teaching young people, and develop a curriculum that is truly aligned with what employers need. It’s equally important that educational institutions invest properly in technology to ensure that not only are young people learning in a way that suits them, but that they are building those crucial digital capabilities from an early age. The report is a welcome step towards tackling the digital skills gap. The UK must embrace this opportunity now and prepare for our future.”