Please fill in the form below to subscribe to our blog

What Horrors Could Emerge from Your User Graveyard?

October 29, 2021

Old User Accounts Can Come Back to Haunt You.

When was the last time you thought about the risks that your business could face from your user graveyard? Every company has a past, and that past often involves people who no longer work for that company. While these folks might not seem like they’re your company’s problem anymore, that’s definitely not the case. Old user accounts can come back to haunt your IT security team, creating problems and risk for your business when you least expect it.  

This post is excerpted in part from our scary good eBook Monsters of Cybersecurity. DOWNLOAD IT>> 

Ghosts of Former Users Are Dangerous  

Are you vigilant about cleaning up and deactivating old user accounts and permissions? Old yet still active user accounts are very dangerous because they open you up to several kinds of insider risk.  

  • Vengeance from disgruntled former employees is a major danger. Over 90% of malicious insider incidents are preceded by employee termination or layoff, and if that employee still has a valid access credential they can wreak havoc quickly. 
  • Stolen data like sensitive client information and company secrets is a disaster. It’s also a shockingly common event –  an estimated 45% of employees download, save or send work-related files before they leave their job. 
  • Intrusion by cybercriminals who have purchased a password for an old user account on the dark web. Stolen legitimate network credentials go for an estimated $3,000 to $120,000 depending on the company and level of privilege on the account. 

Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>

The Spectre of Past User Accounts is the Malicious Insider

Monster: The Malicious Insider

Is everyone in the company really on the same team? Insider threats include both non-malicious acts like a careless employee error and malicious acts like an employee stealing data. Even a low-level malicious insider has the potential to do devastating damage. This shapeshifting fiend is especially dangerous because it could be anyone – almost 25% of insider threats are from malicious insiders. 

How it attacks: 

Malicious insiders act deliberately to benefit themselves at the expense of the organization. They might do things like steal proprietary information, deploy malware, steal privileged credentials or even sell their own password as part of the thriving cybercrime-as-a-service economy on the dark web. 

The damage it can cause: 

Money & Growth: Malicious insider threats have surged, increasing by 47% in two years. The cost of these incidents has grown commensurately, jumping 31% to $11.45 million in 2020

Loss of Corporate Secrets:  71% of malicious insider incidents are done for financial gain and that includes stealing client lists, customer records, formulas, blueprints and other sensitive information. 

How to Ward Off This Monster 

Watch the Dark Web 

If employees are going to sell access, data or other valuable information, they’ll be selling it on the dark web, where they can make a pretty penny. Dark Web ID enables companies to keep an eye on credential compromises from the inside too by alerting companies as soon as a protected credential is spotted. 

Trust No One 

Zero trust security helps prevent these problems using tools like secure identity and access management to make sure that the right people can access the right things at the right levels after providing proof that they are who they say they are. Passly takes care of that.

us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>

Zombie Accounts Can Come Back to Bite You 

Users love to recycle and reuse passwords to make it easier on themselves to remember their logins, exposing businesses to credential compromise risk. In a 2021 survey, 82% of workers admitted sometimes reusing the same passwords and credentials as they’d used in old accounts. Part of that impetus is that everyone has too many passwords to keep track of these days, and we’ve all got password-protected accounts that we haven’t used in years. Forbes magazine reports that 70% of consumers say that they have over 10 password-protected online accounts, and 30% say that they have “too many to count”.   

But the kicker is they’re not just recycling old corporate passwords. They’re also reusing old passwords from games, shopping, social media and other online accounts at home and at work frequently, and that’s even more dangerous. About three-quarters of employees reuse work passwords for their personal accounts. With over 2 billion new credentials added to the dark web in 2020, the probability that a password from one of those zombie accounts is going to come back and bite your organization is high.  

phishing email imitating famous brands dangers represented by a cartoon hacker in a hoodie at a laptop with an eye mask on done in shades of blue, Batman style.

Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>

The Horrible Result of Zombie Accounts is Credential Copromise

Monster: Credential Compromise 

Credential compromise is the monster that you’re never expecting, popping up to wreak havoc at any time and with no warning. Obtaining one employee password can give cybercriminals a clear path right to the heart of a business, enabling them to perpetrate other nasty attacks like deploying ransomware. Credentials were the top type of information stolen in data breaches worldwide in 2020.  

How it attacks: 

The biggest vector for credential compromise is recycled employee passwords –  60% of passwords that appeared in more than one breach in 2020 were reused. Phishing is also another prime vector for credential compromise, as cybercriminals use sophisticated, socially-engineered attacks to trick employees out of their passwords.  

The damage it can cause: 

Wreaking Havoc: Easy, unrestricted access to an organization is a cybercriminal’s dream. Credential compromise is just the opening gambit in many other cyberattacks – and the more privileged the credential is, the more damage cybercriminals can do with it. Over 40% of IT professionals said that their organization had been damaged by a cybersecurity incident like a data breach because of a bad, recycled or stolen password in 2020.  

How to Ward Off This Monster 

Watch for Signs of Trouble

Don’t wait until it’s too late to find out that an employee credential has been compromised. Use Dark Web ID to find company credentials of any age that might be hanging out in dark web data markets or dumps. Plus, you’ll be notified 24/7/365 if one of your protected pops up.  

Single Sign On 

Create a single launchpad for every employee with Passly to connect them to every application that they need to access with one login. Not only is it convenient, single sign on enables tech staffers to quickly isolate and remove permissions for a compromised credential, limiting the scope of potential damage. 

malicious insider threats can include cryptocurrency risk represented by a crime comic style blue eye looking through a peephole.

Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>

ID Agent Can Help You Ward Off These Monsters

Secure identity and access management helps ensure that you only let the right ones in. A foundational element of zero-trust security, maintaining tight access control makes it harder for the bad guys to slip in unnoticed to strike your organization even if they have help inside. 

Passly is the solution that you’re looking for to make secure identity and access management easy and affordable. Not only does it help maintain compliance with today’s standards, but Passly also ensures that a zero-trust framework is within reach to set every organization up for compliance success in the future. 

  • Multifactor authentication (MFA) is a requirement for most industries’ compliance standards and CISA compliance standards. According to Microsoft, It’s also 99% effective in preventing password-based cybercrime like using a stolen (or purchased) password and hacking. 
  • Single sign on makes sure that access controls stay tight by making sure that the right people have access to the right things at the right levels and gives tech staffers an edge when responding to security incidents that can prevent major damage. 
  • Get quick and easy access to SSO applications and passwords with the ability to automatically fill in those credentials for web logins. 
  • Automated password resets, secure shared password vaults, seamless integration with over 1,000 business applications and robust remote management capabilities reduce tech staff stress and decrease incident response times. 
  • Get multiple key security components in one solution at a rate far below the competition, especially when compared to the total cost of products from multiple vendors. 

We’re ready to help you take your organization’s password security to the next level with Passly and the strong security solutions in the ID Agent Digital Risk Protection Platform. Don’t take chances with password security for another day.  Contact our solutions experts and let’s get started! 

Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!