One-Third of Internal User Accounts Are ‘Ghost Users’

Because of inadequate access controls on many systems, attackers and malware can easily move laterally through an organization, destroying or exfiltrating content along the way.

Meager access controls on folders and file systems are leaving organizations wide open to the lateral movement of attackers and malware, according to a new report.

Security firm Varonis analyzed data risk assessments performed by its engineers on 130 companies and 5.5 petabytes of data through 2017. What concerns Varonis technical evangelist Brian Vecci most is that companies left 21% of all their folders open to everyone in the company.

Sensitive folders and files are among the overexposed. Thirty percent of companies leave more than 1,000 sensitive folders accessible to all employees, and 41% have more than 1,000 sensitive files accessible to all employees, according to the report.

Adding to the risk of attackers’ lateral movement is the prevalence of user accounts that are “stale” – inactive, out of use – but still enabled. The Varonis assessments found that 34% of all users fall into this “ghost user” category; almost half (46%) of companies have over 1,000 ghost user accounts.

Not only are users inactive, but the data is as well – more than half (54%) of companies’ data is stale, according to the report. Not only could this be a needless storage expense, but it puts organizations at higher risk of breaches and regulatory compliance violations.

Vecci's advice is to scan for sensitive data, map all access controls, and turn on monitoring. “In other words, know what you’ve got,” says Vecci. “If you just do these three things, companies would be so much further than they are right now. And it doesn’t need to be a big project.”
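The two findings the report stresses, enabled-but-inactive "ghost" accounts and folders open to everyone, are both things a defender can measure from an ordinary directory and file-share export. The script below is an added example, not code from the article or from Varonis; it assumes the export has been flattened into the account and folder records shown, and the 90-day staleness threshold, the principal names treated as "everyone", and all account and folder names are constructed for illustration.

```python
"""Added example: audit a constructed inventory for ghost users and open folders.

Assumptions (not from the article): accounts and folder ACLs have been exported
into the dicts below; 90 days without a logon counts as stale; the principals in
OPEN_PRINCIPALS are treated as "everyone in the company".
"""
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumption: inactivity threshold for "stale"
# assumption: group names that effectively grant access to every employee
OPEN_PRINCIPALS = {"Everyone", "Domain Users", "Authenticated Users"}

# Constructed sample data: a reference "now" and a handful of accounts/folders.
NOW = datetime(2018, 3, 1, tzinfo=timezone.utc)
ACCOUNTS = [
    {"name": "alice", "enabled": True,  "last_logon": datetime(2018, 2, 20, tzinfo=timezone.utc)},
    {"name": "bob",   "enabled": True,  "last_logon": datetime(2017, 6, 1, tzinfo=timezone.utc)},
    {"name": "carol", "enabled": False, "last_logon": datetime(2016, 1, 1, tzinfo=timezone.utc)},
    {"name": "dave",  "enabled": True,  "last_logon": None},   # never logged on
    {"name": "eve",   "enabled": True,  "last_logon": datetime(2018, 1, 15, tzinfo=timezone.utc)},
    {"name": "frank", "enabled": True,  "last_logon": datetime(2017, 11, 20, tzinfo=timezone.utc)},
]
FOLDERS = [
    {"path": "hr/payroll",       "sensitive": True,  "acl": ["HR-Admins"]},
    {"path": "public/templates", "sensitive": False, "acl": ["Everyone"]},
    {"path": "finance/q4",       "sensitive": True,  "acl": ["Finance", "Domain Users"]},
    {"path": "eng/builds",       "sensitive": False, "acl": ["Engineering"]},
    {"path": "legal/contracts",  "sensitive": True,  "acl": ["Authenticated Users"]},
]


def ghost_users(accounts, now):
    """Return names of accounts that are still enabled but have not logged on
    within STALE_AFTER. Disabled accounts are skipped; an enabled account that
    has never logged on (last_logon is None) is treated as stale."""
    ghosts = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        last = acct["last_logon"]
        if last is None or now - last > STALE_AFTER:
            ghosts.append(acct["name"])
    return ghosts


def open_folders(folders):
    """Return paths whose ACL grants access to an 'everyone'-style principal."""
    return [f["path"] for f in folders if set(f["acl"]) & OPEN_PRINCIPALS]


def summarize(accounts, folders, now):
    """Compute the same kind of figures the report quotes: share of ghost users,
    share of folders open to everyone, and which sensitive folders are open."""
    ghosts = ghost_users(accounts, now)
    opened = open_folders(folders)
    open_set = set(opened)
    sensitive_open = [f["path"] for f in folders
                      if f["sensitive"] and f["path"] in open_set]
    return {
        "ghost_users": ghosts,
        "ghost_pct": round(100 * len(ghosts) / len(accounts), 1),
        "open_folders": opened,
        "open_pct": round(100 * len(opened) / len(folders), 1),
        "sensitive_open_folders": sensitive_open,
    }


if __name__ == "__main__":
    for key, value in summarize(ACCOUNTS, FOLDERS, NOW).items():
        print(f"{key}: {value}")
```

On the constructed data, three of six accounts are ghosts (bob and frank exceed the threshold, dave never logged on; carol is excluded because she is already disabled), and three of five folders are reachable by everyone, two of them sensitive. The same two functions run unchanged over a real export once the records are shaped this way, which is the "map all access controls" step Vecci describes; the disabled-account check matters because the report's point is specifically about accounts that are stale yet still enabled.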