Get Wise to the Ghosts in the Machine
A new survey, commissioned by ConSentry, highlights the threat to corporate networks from temporary workers, contractors and other guest users.
What comes across is a lack of awareness of how to deal with these "corporate ghosts" as the report calls them; the people, who, flit in and out of company buildings and LANs on a regular basis.
For example, 82 per cent of businesses questioned said they experienced moderate to high levels of non-permanent workers accessing the network. But, while 74 per cent of respondents claimed to have measures in place to prevent malware spreading; only 59 per cent were fully satisfied with their existing policy.
Even worse, one in four respondents admitted they had no specific controls in place for contractors, even though 41 per cent provided network access to temporary workers.
Finally, 94 per cent of respondents believed there was an increased need for ID-based control. The question is: why aren't they doing it?
According to the survey, the answer lies in a lack of resources and the lag between implementation of security policies and fast-changing trends in work practice.
This is no excuse. The practice of contract and temporary working has been growing for years, and relevant access management policies should have been factored in. It seems that organisations have failed to grasp the sheer level of ghost working that characterises the UK's much-vaunted flexible workforce.
As the report makes clear, the temp worker is not a threat per se, but their behaviour and situation make them more vulnerable to malware and inadvertent security breaches.
A permanent employee is more likely to be loyal to their employer and take responsibility for security. A contractor is unlikely to develop such affinities. As well as keeping up with the numbers, CISOs need to get wise to the phantoms in their midst.