Inadequate IT processes for managing user accounts and access can create major security and compliance risks for companies in Singapore, according to a new study from One Identity that was conducted by Dimension Data.
Common security best practices that challenge organisations in Singapore are timely removal of access to corporate data and applications, dormant account identification, and role administration.
Eight out of 10 (81 percent) of the Singapore IT professionals surveyed lack confidence that all former employees and employees changing roles have had their accounts changed or removed in a timely manner.
Seven percent of respondents in Singapore said they removed access for users immediately upon a change in HR status. Four percent are confident that they have no dormant accounts, and 39 percent are "very confident" they know which dormant user accounts exist.
Most (93 percent) agreed that it takes a month or longer to discover these dangerous open doors into the enterprise.
"The alarming results of our study prove that organisations in Singapore are exposing unsecured identities and creating security holes for hackers to exploit. Those that don't adopt stronger defenses and innovative solutions to mitigate the growing risk more quickly might face serious consequences including reputation and financial loss," said Lennie Tan, vice president & general manager, One Identity, Asia Pacific & Japan.
Deprovisioning access to accounts
Nearly 2 in 10 (18 percent) respondents in Singapore report deprovisioning access to these accounts in a centralised/automated manner.
Fewer than one in four respondents in Singapore are "very confident" that user rights and permissions in their organisations are correct for the individuals' roles.
Almost 9 in 10 (88 percent) organisations in Singapore are concerned about the risk represented by dormant accounts. Nearly all of them (99 percent) have a process for identifying dormant users, but only 22 percent have tools to aid in finding them.
Only 5 percent of respondents in Singapore audit enterprise roles more frequently than monthly.
"Exploitation of excessive or inappropriate entitlements remains a goldmine for threat actors who will then capitalize on access to gain a foothold in an organization to steal data or inject malware," said Jackson Shaw, senior director of Product Management for One Identity. "This data is a wake-up call to organizations that they need sound solutions in place to ensure appropriate access rights across the entire organization and user population."