November 18, 2021//Isa JonesLast Updated: January 10, 2022
The termination gap can cause all kinds of trouble. That length of time between an employee leaving their role and their user access being de-provisioned is when dangerous activities can occur — including a malicious breach by that internal user — and the truth is, organizations aren’t worrying enough about it.
The termination gap is exactly what it sounds like: an insider threat caused by the gap of time between an employee’s termination (or a change in their job role and function), and a de-provisioning of their role-based access credentials to critical access points and assets. According to the Ponemon Institute 2020 Cost of Insider Threats: Global Study, there were 4,716 insider incidents recorded across the globe. In addition, criminal insiders made up 14% of insider breaches last year with a price tag of over $4 million—and were caused by improper user access provisioning.
Paying attention to this gap and minimizing it as much as possible is crucial to mitigating insider threats and keeping critical access points safe.
No, the termination gap is not the same as access creep, though the consequences of both are similar. Both concepts involve a user having credentials to critical access points they shouldn’t have, and where there’s unnecessary access, there’s inherent risk. A disgruntled former (or soon to be former) employee could (just as an internal user with too much access) easily leak data, change assets, or otherwise cause harm to an organization’s operational technology with their access.
This threat is not just a hypothetical one, no matter how confident an organization may be in their access management. The headline “Former employee of medical packaging company charged with sabotaging electronic shipping records leading to the delay of PPE to healthcare providers,” from a press release on an insider breach is enough to give anyone pause. These kinds of threats are more than just a user accessing old email. These are credentials to critical access points and assets, so the consequences are just as serious. Reputation damage, supply chain issues, public health and safety issues, financial loss, and regulatory fines are just some aspects of what an organization risks when it doesn’t employ proper access management.
User access reviews are a mighty tool when it comes to preventing breaches from the termination gaps. Any access rights that may have been overlooked will easily be caught in a user access review. Running these access reviews regularly is simply good cybersecurity hygiene, and can be done automatically with the right access review software. Access reviews are especially important when dealing with third parties, whose data and user access will not be a part of an organization’s internal HR systems. While third-party access is much more complicated to govern, there are automated software systems, like SecureLink’s Enterprise Access, that can handle access rights, verify employment status, manage user identities, and alleviate threats.
Speaking of HR systems, creating close linkage between HR systems and access rights allows an organization to easily create role-based access, and develop a user access provisioning policy. When an employee gets hired, HR would control the access the user is provisioned, and when that employee is terminated or their role changes, those access rights change right alongside it, creating a seamless access provisioning lifecycle. The minute a user is no longer an employee, all their access rights can be de-provisioned as easily as their email password, and the threat is gone before it ever arose.
Closing the termination gap is just one of many ways an enterprise organization can prevent cyber attacks. Learn how protecting critical access points and managing user access can keep an organization safe with our Critical Access Management ebook.