According to the 2019 Verizon Data Breach Investigations Report, 62 percent of all data breaches last year involved the use of stolen credentials, brute force, or phishing. Nearly half of these types of breaches were directly attributed to stolen credentials. Stolen credentials are not only a risk through active user accounts, but can be a significant risk through orphaned accounts. One notable example of this type of credential theft occurred last fall when Avast and NordVPN reported a data breach tied to “forgotten or unknown user accounts,” or the predominance of orphaned accounts lacking proper oversight and governance.
Orphaned accounts within an organization are accounts that are no longer associated with a valid business owner. They represent ideal places for bad actors to gain access into your company because no one is actively looking into them. According to KrebsonSecurity, “forgotten user accounts that provide remote access to internal systems…have been a persistent source of data breaches for years,” as was the case with Avast and NordVPN. But to better understand orphaned accounts and what you can do about them, let’s take a look at where they originate from and then identify several key strategies you can use to combat them in your business.
Where Do Orphaned Accounts Come From?
Orphaned accounts typically arise when someone leaves your company or changes positions within the organization. In the case of separation, this means access to certain applications, data, or systems is not terminated. In the case of a position change, access is not reduced to an appropriate level, which may include complete removal of access. This frequently happens in industries with fairly high turnover, like healthcare or retail, because as people exit the company or transition roles, there may be no formal process for cleaning up these accoun ..
Support the originator by clicking the read the rest link below.
