In today’s security programs, we often lose sight of the forest for the trees and forget the basics. Removing an employee’s ability to access company property – whether physical access or network access – is so basic that it too often gets overlooked. This article from InfoSecurity is a painful reminder of how lax many security programs are.
Is this a lack of knowledge or motivation? We would say no. The study found that more than half of the companies that responded said ex-employees still have access to their networks, which reinforces our belief that companies continue to work in silos with no comprehensive security program. Companies like ours that help organizations develop integrated security programs see it time and again. The end result is that instead of security being everyone’s responsibility, it is no one’s responsibility, or it is put in the hands of non-security professionals as an add-on responsibility.
What is particularly disconcerting about this article is that we believe the problem will only get worse, because of a shift we are observing in which even very large organizations have slashed the dollars spent on building comprehensive security programs. The trend we see is a patchwork of technology, contract security, and IT security that all work in silos, fail to maximize their value, and do not blend people, processes and technology. The end result of this approach is already being felt by businesses and will be the downfall of many.