The Identity Blog

It’s a Good Thing I’m Not Bitter: How Easy It’d Be to Wreak Havoc On My Previous Employer

Before joining SecZetta, I worked at a B2B company for just over a decade.  I absolutely loved my time there, and I still have nothing but the fondest of feelings for the organization, the people I worked with, and the work we did together there.

And it’s a good thing that I don’t have an ounce of bitterness or ill feelings towards my former employer, because it’d be quite easy for me to disrupt their business!  Even though I left the organization over six months ago, today I could:

  • Log into the Admin View of their LinkedIn page that I still have access to and remove the 10,000+ followers of the company. 10,000+ clients, prospects, and partners that have taken years to accumulate – wiped clean with a few clicks of a button.
  • Log into the customer dashboard and lift credit card numbers. You’re not supposed to store the numbers in the “Notes” section, but it wasn’t enforced so I’ll bet I could find a dozen with ease.
  • Peek in their CRM, export their active pipeline and try to sell it to someone at a competitive org. Think I’ll be able to find a salesperson who’s willing to bend his/her ethics and dish out a few hundred bucks for a list of companies with buying intent and a confirmed budget? 😉
  • Access the marketing automation platform and send an email to every single person in the organization’s database (100,000+ people) informing everyone that they’ll get the popular $1,750 product for “the low, low price of $500” if they click and pay via a “special” link.

You get the picture — but, like I said, I’m not bitter.  BUT…what if I was?  Or an even scarier scenario — what if I were one of the contractors that had the exact same access that I had, but didn’t have a decade’s worth of warm and fuzzy feelings?

Lifecycle management, and removing the access permissions a user has when they leave your organization, isn’t just vital for your employees.  In fact, I’d argue it’s even MORE important that the access a contractor, partner, affiliate, volunteer, student, or ‘insert your third-party worker type here’ holds is removed the millisecond it is no longer needed.

Otherwise, you’re at the mercy of someone who may be bitter.  Or opportunistic.  Or desperate.  Since working at SecZetta, I’ve heard from several companies who dealt with cyber-criminal groups bribing a supplier into giving up their credentials.  I predict we’re in early innings with this trend.  As inflation and recession fears rage, cybercriminals are going to take advantage.  They’ll apply pressure where they can and try to force their way in.  They’re good at it, too — a 2022 IDSA study found that 84% of organizations experienced an identity-related breach in the last year.

Are you willing to leave your company’s financial future at the mercy of a contractor that worked for your organization for three weeks?  Or a former affiliate who left your organization for greener pastures, but it didn’t turn out like he expected?  This may sound like hyperbole, but I assure you it’s not.

It reminds me of a question that I’ve heard asked several times here at SecZetta: “How many unknown identities does it take inside one of your systems to be a risk?” If you answered more than one, you answered too many. It only takes one unknown identity or entity to bring your company down, to lock up your servers, to vanish your funds, to bleed terabytes of data out of your organization. Just one.

The threat outlined above is the primary reason I left the fine folks at my previous company to join SecZetta.  There’s just so much at stake, and the reality is most organizations have an identity gap with their third-party lifecycle management.  SecZetta has built a solution that provides better transparency into the dynamic relationships that organizations have with each individual third-party identity. We reduce risk, increase operational efficiency, and cut costs.  We help protect you from the bad actors that are actively knocking at your door, and that’s a worthy cause.

If you haven’t already, I’d implore you to take a self-guided tour of SecZetta’s Third-Party Identity Risk Solution by clicking here.  It’s a great way to get to know our easy-to-use and purpose-built third-party identity lifecycle solution that’s helped so many organizations become more secure and efficient.