Cyber threat hunting: Stop zombie accounts from attacking your business

Mike Valle

October is spooky season and Cybersecurity Awareness Month. To mark the occasion, we are focusing on an especially scary topic: zombie accounts.

Zombie accounts, or abandoned accounts, are user accounts left with no verifiable owner. This can happen when employees, including interns and contractors, leave a company, and their accounts are never shut down. It can also happen if businesses do not stay on top of their dormant accounts. 

In a system with many users, it is hard to track account usage in real time without an automated process. Yet the more abandoned accounts are left open in a system, the more vulnerable the business becomes to a security breach.

In the spirit of cyber threat hunting and fending off zombie accounts, we will discuss three steps businesses can take to prevent zombie accounts from haunting their security operations.

1. Implement cloud security best practices to hunt down zombie accounts.

A fundamental practice of identity management is regularly reviewing and cleaning up user accounts. Here’s how to go about it.

  • Plan access reviews on a monthly, quarterly, or annual basis, depending on your organization’s size, complexity, and compliance requirements.
  • Prioritize resources and user accounts that are more critical or higher risk. 
  • Work with Human Resources to identify accounts associated with former employees.
  • Perform access reviews and document findings to set up a clear record for future reviews.

2. Create strong password policies.

Set up robust password policies for your employees to reduce the risk of unauthorized access. Here’s how. 

  • Develop a unique password policy that includes a minimum length of eight characters and a combination of uppercase and lowercase letters, numbers, and symbols.
  • Encourage employees to change their passwords regularly and create passwords that are hard to guess.
  • Enforce Multi-Factor Authentication (MFA) programs for all accounts to add another layer of data protection.
  • Educate employees on password policies through training sessions, and promote MFA use through internal communications.

3. Establish clear account deactivation workflows.

For account deactivation to go smoothly, establishing a clear workflow is essential. Here’s how.

  • Decide when and why end-user accounts should be deactivated, such as after a short period of inactivity, the end of a contractor’s/intern’s contract, or the departure of an employee.
  • Use cloud tools like GCP Workflows, Cloud Functions, or Cloud Essentials to automate the deactivation process.
  • Regularly schedule meetings with stakeholders to discuss results and ensure workflows remain effective.
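
As an added illustration (not code from this article or from any specific cloud product), here is a minimal Python sketch of the review logic behind steps 1 and 3: it cross-checks an account export against an HR roster and flags enabled accounts for deactivation. The field names, the 90-day inactivity limit, and all sample records are assumptions made up for this example.

```python
from datetime import date, timedelta

# Assumed threshold; the sample records below are constructed for illustration.
INACTIVITY_LIMIT = timedelta(days=90)

HR_ROSTER = {
    "alice@example.com": {"type": "employee", "end_date": None},
    "bob@example.com": {"type": "contractor", "end_date": date(2024, 8, 31)},
    "dana@example.com": {"type": "intern", "end_date": date(2024, 12, 20)},
}

ACCOUNTS = [
    {"user": "alice@example.com", "last_login": date(2024, 10, 1), "enabled": True},
    {"user": "bob@example.com", "last_login": date(2024, 9, 15), "enabled": True},
    {"user": "carol@example.com", "last_login": date(2024, 3, 2), "enabled": True},
    {"user": "dana@example.com", "last_login": None, "enabled": True},
    {"user": "erin@example.com", "last_login": date(2023, 1, 9), "enabled": False},
]

def review_accounts(accounts, roster, today, limit=INACTIVITY_LIMIT):
    """Return {user: [reasons]} for enabled accounts flagged for deactivation review."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to review
        reasons = []
        owner = roster.get(acct["user"])
        end = owner["end_date"] if owner else None
        last = acct["last_login"]
        if owner is None:
            reasons.append("no owner in HR roster")
        elif end is not None and end < today:
            reasons.append("contract ended")
            if last is not None and last > end:
                reasons.append("login after contract end")  # escalate: account used after departure
        if last is None:
            reasons.append("never logged in")
        elif today - last > limit:
            reasons.append("inactive beyond limit")
        if reasons:
            findings[acct["user"]] = reasons
    return findings

if __name__ == "__main__":
    for user, why in review_accounts(ACCOUNTS, HR_ROSTER, date(2024, 10, 15)).items():
        print(f"{user}: {', '.join(why)}")
```

The returned reasons can be saved with each review as the documented record, and a "login after contract end" finding is worth investigating before the account is simply closed.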

By implementing these steps, businesses can manage zombie accounts, control system access, enhance security, and protect their cloud environment from attacks.
