Youattest Logo

Ghost Accounts are a Serious Threat that Access Review Can Identify

One of the key parts of any IAM/IGA program has to be recognize that ghost accounts are a serious threat.   Thorough and regularly scheduled access reviews can help identify these accounts.

Managing sensitive information is crucial to any cybersecurity protocol. With periodic access reviews, organizations can ensure that only the right people can access the information and infrastructure of the organization. However, monitoring access to information becomes increasingly difficult and critical as work lifecycles continue to grow in complexity. When someone terminates their employment or changes roles, they still may be able to access data and systems that they no longer should have access to, posing significant security risks remedied during a regular access review. 

Ghost accounts are a serious threat and are sought by hackers for malicious puposes – YouAttest can help identify these accounts via cloud-based Access Reviews.

Recommended by the NIST’s Cybersecurity Framework to be conducted on a semiannual basis, with most HITRUST customers executing these reviews on quarterly basis.   Access reviews analyze the users within an organization’s IT systems to determine if unauthorized access is occurring or possible. User access permissions get reviewed, and their ability to access resources is modified accordingly. However, a commonly overlooked cybersecurity threat is posed by ghost or inactive accounts. These ghost accounts, while having credentials to access an organization’s information and systems, do not belong to anyone and might remain after an employee leaves or when a service account is no longer used. Ghost accounts create vulnerabilities that hackers can exploit to access sensitive information.

YouAttest, via its 100% based, GUI-driven IGA tool – helps enterprises identifying the ghost accounts since ghost accounts are a serious Threat. YouAttest pulls all states of that a user can be in, via its Okta connector.   The states include:  Staged, Pending User Action, Active, Password Reset, Locked Out, Suspended, Deactivated.

Since most protection typically revolves around active users, ghost accounts can easily slip under the radar of the IT team. There may be miscommunication between IT and HR departments, so if an employee leaves the organization, but IT is not made aware, ghost accounts can lay inactive for lengthy periods of time. In a study, it was found that 26% of user accounts are inactive, e.g. these accounts are stale.  Stale accounts are denoted as enabled (activated) accounts which have not had any activity for 90 or more days.   

The ghost/stale account leave many opportunities open for hackers and cybercriminals to exploit. Additionally, ghost accounts are easy targets for hackers since a simple LinkedIn search can identify employees that have recently left the organization, allowing them to target a recently inactive account.

Since ghost accounts are a serious threat, but through comprehensive access reviews, accounts are reviewed to ensure that this issue is not occurring. If users have not signed into their account for a long time, their accounts should be disabled or restricted from accessing sensitive information. Additionally, collaboration with HR departments can help to identify accounts of individuals no longer employed and requiring access.

Ghost accounts Are A Serious Threat

Since ghost accounts are easy for hackers to utilize for malicious activities, they shouldn’t get overlooked when conducting access reviews. Creating an efficient way to identify these accounts will allow them to be properly addressed and reviewed during an access review. With the issue of ghost accounts eliminated, organizations can feel confident that they are properly securing their systems from unauthorized access.

YouAttest has a host of enteprise features included,  Okta API integration, .CSV upload, auto-delegation, auto-scheduling and event trigger attestation.   Schedule a meeting with YouAttest to learn how to address your acces review needs, including identifying ghost accounts.

YouAttest is the only cloud-based IGA platform that deploys in minutes via application SSO to platforms like Okta.   Register for the December 9th YouAttest webinar on SOX 404B mandates for User Access Reviews.