Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityPhysicalSecurity Enterprise ServicesLogical SecurityArenas / Stadiums / Leagues / EntertainmentBanking/Finance/InsuranceConstruction, Real Estate, Property ManagementInfrastructure:Electric,Gas & WaterEducation: K-12Government: Federal, State and LocalHospitality & CasinosHospitals & Medical CentersPorts: Sea, Land, & AirRetail/Restaurants/ConvenienceTransportation/Logistics/Supply Chain/Distribution/ Warehousing

The inside threat posed by the transition of power

By Bill O'Neill
insider threat of employees leaving
April 22, 2021

The transition from a president to their successor is one of the most intricate processes in the United States’ democracy. An extreme level of caution is taken by everyone involved to ensure sensitive information is handled accordingly and the incumbent president (and those in the outgoing administration) does not continue to have access to ongoing administrative and security privileges.

But the same level of scrutiny often doesn’t seem to hold true with chief executive changeovers outside the White House. According to a recent study by the Identity Defined Security Alliance (IDSA), only 34% of organizations revoke system access to employees on the day they leave. This is concerning as the cost to remediate insider threats is rising -- up by 31% between 2017 and 2019, from $8.76 million to $11.45 million, according to The Ponemon Institute’s Cost of Insider Threats study.

To combat this issue, businesses should have an extensive checklist with actions to protect sensitive information and systems, and should have automated processes in place to prevent any such a lag. However, most enterprises and security executives fail to take appropriate action when an IT administrator or security professional leaves, other than simply creating new credentials for the replacement. This often means the former employee is walking around with information and privileged access that could hurt the organization if distributed, sold, stolen or made public.

These dreaded scenarios have played out at companies around the globe, including Cisco, Amazon, Snapchat and Facebook. In fall 2018, five months after resigning from his position as an engineer, a Cisco employee admitted to accessing the company’s cloud infrastructure and wiping 16,000 Webex Teams employee accounts. According to the U.S. Department of Justice, the WebEx Teams accounts were shut down for up to two weeks and resulted in approximately $1,400,000 in damages.

In summer 2019, a former Amazon Web Services employee exploited a cloud misconfiguration at Capital One to access credit applications, Social Security numbers and/or bank account numbers of almost 110 million people in the U.S. and Canada. The AWS employee was located by the U.S. Federal Bureau of Investigation after she took to GitHub to brag about the data theft.

Similar to outgoing presidents and their staff, former employees with a motive can abuse their privileges to access information they deem valuable or useful in the future.

The best way to prevent these types of threats is to consolidate entitlements, control and visibility over privileged identities, and to take a Zero Trust approach to privileged authentication and access.

The importance of exit interviews

From both a leadership perspective and a security perspective, there is a strong argument for holding exit interviews with departing employees. It’s a good idea to collect feedback from former employees, but these interviews can also provide context to the Chief Security officer and the overall security team on potential threats down the road from possibly-disgruntled employees. From a tactical perspective, a termination checklist upon an employee’s departure is also recommended. This should include revoking all access – both physical and digital – as soon as someone leaves the company. Beyond the standard ID card, access code or key ring, security teams need to make sure every single privileged access is revoked.

Departments must work together

Similar to how the White House must determine what confidential information is accessible to which privileged staff members – yes, even former presidents – IT and security should strive to move away from using shared passwords and instead consolidate privileged identities. This includes leveraging a common enterprise authentication service across on-premises and cloud-based infrastructure, and empowering administrators to log in as themselves using entitlements granted in their centrally-managed identity repository so there is greater visibility and accountability.

Since many organizations rely on an HR management system as the source of record for all users in an organization, IT, security and HR must work together to prevent knowledge gaps. When an employee leaves an organization, security should not be an afterthought. When this happens, ex-employees can exploit the lag in access restriction, giving them time to download private files, wipe devices or steal customer data to use later.

Just as the Biden administration is working to avoid potential disruptions as it assumes office, organizations must prioritize the securing of employee transitions to avoid possible data theft or abuse. Operating with a Zero Trust mindset is the best – and we think, the only – way to approach securing an organization’s information. The legacy approach to privileged access management (PAM) is no longer sufficient, and requires a rethinking of how to protect against privileged access abuse in today’s dynamic threat landscape.

Changeover is inevitable at every organization, all the way up to the chief executive. Any former employee represents a risk that can be exploited if their identities and privileges are not also managed swiftly and successfully. If companies don’t take this potential access risk seriously, they could risk potentially damaging insider threats which can cost them time, money, reputation, trust, and ultimately customers.

KEYWORDS: insider threats risk analysis risk management risk mitigation security leadership

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bill O’Neill is VP of Public Sector at Centrify.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC1119-AI1-Feat-slide_900px

    Reducing the Risks Posed by Artificial Intelligence

    See More
  • remote work/hybrid freepik

    Mitigating the risk posed by remote work

    See More
  • insider risk

    Inside the mind of an insider threat

    See More

Related Products

See More Products
  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

  • 150 things.jpg

    The Handbook for School Safety and Security

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products

Events

View AllSubmit An Event
  • January 16, 2025

    Preparing for the 2025 Threat Landscape

    ON DEMAND: In 2024, businesses faced a barrage of critical events with far-reaching impacts. From record-breaking storms and costly infrastructure failures to contentious election cycles and sophisticated cyberattacks, companies are navigating an increasingly complicated threat landscape.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!