Stop the leak, protect against insider threats

January 15, 2024
1 min read

TLDR:

– Help Net Security video featuring John Morello, CTO of Gutsy, discussing the importance of the offboarding process in cybersecurity.
– Morello highlights the potential impact on an organization’s security posture if offboarding isn’t handled thoroughly.

In a Help Net Security video, John Morello, CTO of Gutsy, emphasizes the often-overlooked aspect of cybersecurity: the offboarding process. Morello stresses the importance of this process and its potential impact on an organization’s security posture if not handled thoroughly.

Offboarding refers to the process of removing access and privileges for employees or other insiders who no longer require access to systems, networks, or sensitive data. It is a critical step in preventing insider access from leaking to malicious actors.

Morello points out that when employees leave an organization, there is often a lack of attention paid to the removal of their access rights. This can create vulnerabilities and opportunities for data breaches. He emphasizes the need for organizations to have a comprehensive offboarding policy in place that includes a thorough review of access privileges and removal of those privileges upon an employee’s departure.

One of the key challenges in offboarding is identifying all the systems, networks, and data to which an employee had access. Organizations often struggle with keeping an accurate and up-to-date inventory of their digital assets, making it difficult to determine all the access points that need to be revoked.

Another challenge is the reliance on manual processes for offboarding. Morello highlights the importance of automation in streamlining the offboarding process and ensuring it is done consistently and thoroughly. Automation can help organizations identify all the access points and remove them in a timely manner.

Morello also emphasizes the need for ongoing monitoring and auditing of access rights. It is not enough to remove access upon an employee’s departure; organizations need to regularly review and validate access rights to ensure that only authorized individuals have access to sensitive data and systems.

Overall, Morello’s message is clear: organizations need to prioritize the offboarding process as a crucial part of their cybersecurity strategy. Neglecting this process can leave organizations vulnerable to insider threats and data breaches. By implementing a comprehensive offboarding policy, leveraging automation, and maintaining ongoing monitoring and auditing, organizations can prevent insider access from leaking to malicious actors and strengthen their overall security posture.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and