Courion Corporation

Ex-Employees Will Use Zombie Accounts

It is being reported that yet another utility company has been attacked by a disgruntled ex-employee using a zombie account.  This time, the victim was Energy Future Holdings, a large privately-held energy company in Texas.  After being fired and escorted off the premises, a former employee apparently used his still-active account to gain access to the corporate VPN, where he emailed proprietary data to a personal email account on Yahoo! and modified or deleted various files in the corporate network, which caused an estimated $26K in damages related to lost business.

As we saw last month in the case of the California Water Service Company in San Jose, enterprise networks can be extremely vulnerable to attack by zombie accounts as layoffs - and tempers - mount. Security professionals need to be extremely diligent about the state of their Access Assurance strategies to make sure they are turning off access for former employees immediately upon termination.  Leaving even a short time gap between notice of termination and closing accounts creates vulnerabilities.  For example, earlier this year the Ponemon Institute reported that 59 percent of terminated employees admitted to stealing confidential company information.  Implementing an automatic de-provisioning process is the only way to confidently avoid glaring lapses in security when your company's data stores are vulnerable to attack.