The ghosts of users past present the perfect route into businesses for hackers

  • by Matt Lock, Director of Sales Engineers, Varonis

High-profile ransomware attacks are never far from the headlines these days, but what about the lesser-known tactics of a malicious actor looking to steal company data? Hackers looking for the quietest, easiest route into an organisation are now focusing their attention on stale user accounts – these ‘ghost users’ present the perfect channel.

Stale accounts within an organisation are those which are no longer needed: accounts whose users have left the company or changed job roles, so that the permissions they require have changed. From our own analysis across 80 organisations, 26% of all accounts were those of ‘stale enabled users’. That is to say, they hadn’t accessed data or logged on to the network for more than 90 days. For one organisation, around 90% of all user accounts were stale. A high proportion of these stale accounts are often a result of communication issues between the IT team and other departments within an organisation. Whilst IT can implement permission changes and account closure, they are heavily reliant on information from other areas of the company.
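The definition above (an enabled account with no logon and no data access for more than 90 days) is easy to turn into a recurring check. The script below is an added example, not Varonis code or part of the original article; it assumes a CSV export of accounts with the columns `sam_account_name`, `enabled`, `last_logon` and `last_data_access` (ISO dates, empty meaning "never"), which are assumed names you would map to whatever your directory or file-activity tooling actually exports. It reports which enabled accounts are stale and what fraction of all accounts they make up, treating never-used accounts as stale and leaving disabled accounts out of the count.

```python
"""Stale-enabled-account audit over a constructed user export (added example).

Assumed export columns: sam_account_name, enabled, last_logon, last_data_access.
Dates are ISO 8601 (YYYY-MM-DD); an empty value means the event never happened.
The 90-day threshold matches the article's definition of a stale account.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

STALE_AFTER_DAYS = 90

# Constructed sample export; these are not real accounts.
SAMPLE_EXPORT = """sam_account_name,enabled,last_logon,last_data_access
alice,true,2024-05-28,2024-05-30
bob,true,2024-01-15,2024-02-01
carol,false,2023-11-02,
dave,true,,
erin,true,2024-05-01,2024-03-01
"""


def _parse_date(value):
    """Return an aware UTC datetime for an ISO date string, or None if empty (never)."""
    value = (value or "").strip()
    if not value:
        return None
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def load_accounts(csv_text):
    """Parse the export into dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        accounts.append({
            "name": row["sam_account_name"],
            "enabled": row["enabled"].strip().lower() == "true",
            "last_logon": _parse_date(row.get("last_logon")),
            "last_data_access": _parse_date(row.get("last_data_access")),
        })
    return accounts


def last_activity(account):
    """Most recent of logon and data access; None when neither ever happened."""
    stamps = [t for t in (account["last_logon"], account["last_data_access"]) if t]
    return max(stamps) if stamps else None


def is_stale(account, now, threshold_days=STALE_AFTER_DAYS):
    """Stale = last activity older than the threshold, or never used at all.

    A never-used enabled account is the riskiest case (nobody will notice a
    first logon by an attacker), so it is deliberately counted as stale.
    """
    latest = last_activity(account)
    if latest is None:
        return True
    return now - latest > timedelta(days=threshold_days)


def stale_enabled_report(accounts, now, threshold_days=STALE_AFTER_DAYS):
    """Return (sorted names of stale enabled accounts, fraction of all accounts)."""
    stale = sorted(a["name"] for a in accounts
                   if a["enabled"] and is_stale(a, now, threshold_days))
    fraction = len(stale) / len(accounts) if accounts else 0.0
    return stale, fraction


def audit(csv_text, as_of):
    """Convenience wrapper: run the report on CSV text as of an ISO date string."""
    now = datetime.fromisoformat(as_of).replace(tzinfo=timezone.utc)
    return stale_enabled_report(load_accounts(csv_text), now)


if __name__ == "__main__":
    # Fixed "today" so the sample run is reproducible.
    names, fraction = audit(SAMPLE_EXPORT, "2024-06-01")
    print(f"stale enabled accounts: {names} ({fraction:.0%} of all accounts)")
```

Running it against the sample gives `bob` (last activity 121 days earlier) and `dave` (never used) as stale enabled accounts, 40% of the five; `carol` is just as old but disabled, so she is not counted, and an account whose last activity is exactly 90 days old is not yet flagged. Feeding a real export through the same function on a schedule, and handing the resulting list to the teams who know whether those people still work there, is the check that closes the IT-to-business communication gap the article describes.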