19.7.17

OneLogin: Businesses vulnerable to data breaches by ex-employees

Businesses leave themselves open to potential data breaches through their ex-employees by failing to disable their access to the corporate network, according to a new study by OneLogin.
Over half (58%) of ex-employees are still able to access all corporate applications after leaving the business.
Furthermore, this is a proven risk, with 24% of businesses being subject to data breaches carried out by former employees.
The UK-based report, based on responses from more than 600 IT decision-makers, revealed that half of these respondents were not using automated deprovisioning technology to disable employees’ access.
The fact that the majority (92%) of businesses attempt to manually sever access may explain why, a month after leaving the business, 28% of employees are still able to log on to corporate applications.
Alvaro Hoyos, chief information security officer at OneLogin, said: “Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image.”
This study follows OneLogin’s recent acknowledgement that it is unable to guarantee the security of encrypted data compromised by a cybercriminal, with regard to the security incident on May 31.
The report stated: “We know that a threat actor used one of our AWS keys to gain access to our AWS platform”, and made reference to an “ongoing investigation” with “an independent security firm to determine how the unauthorized access happened”.
Hoyos suggested that the upcoming General Data Protection Regulation (GDPR) might put the necessary pressure on businesses, stating: “With [GDPR] in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data.
“The first step is acknowledging the problem, which businesses now have done by confessing they are aware of the issue. They now need to take steps to fix this issue by utilising the available tools”.


A major cyberattack could cost the global economy $53 billion


By Editor

Lloyd’s of London has reported that a serious cyberattack could cost the global economy as much as a devastating natural disaster.
According to the Guardian, average losses from a crippling cyberattack are estimated to be around $53 billion.
However, insurers are unable to give a specific estimate, due to the complexity of cyberattacks and the lack of historical data available. A worst case scenario could see the figure reaching up to $121 billion.
The report looked at the potential damage that could be triggered by an attack on a cloud service provider, which is believed to be the most likely target for an attack.
The paper judged the second-most likely threat to be to worldwide computer operating systems.
Lloyd’s published the report two months after WannaCryptor went global, at an estimated global cost of $8 billion.
The industry found to be most at risk is the financial sector, followed by software and technology and then hospitality.
Inga Beale, chief executive of Lloyd’s, said: “Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event.”
She added: “Cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.”
Cybersecurity experts at ESET have recently identified Industroyer as a major threat, especially to Industrial Control Systems.
It is hoped that analysis of such threats will serve as a wakeup call for all those responsible for the security of critical infrastructure (systems) worldwide.
Such repeated warnings should not be falling on deaf ears.
Many governments and businesses run a huge financial risk by not being insured; more crucially, they risk falling victim to an attack by failing to ensure that employees and consumers heed expert advice.