Why are orphaned accounts considered a security concern?

Orphaned accounts are considered a security concern primarily because they belong to inactive users. When an employee leaves an organization or a user no longer requires access, their accounts might not be deactivated or removed promptly. This can lead to potential security risks, as these accounts can still have access to sensitive information and resources, making them an attractive target for malicious actors who could exploit them.

Inactive user accounts may remain vulnerable if they retain outdated permissions, which could allow unauthorized access to systems. Additionally, since these accounts are not actively monitored, any suspicious activity could go unnoticed, further increasing the risk of data breaches or security incidents.

In contrast, while excess permissions can indeed be a security concern, the defining feature of orphaned accounts is their association with inactive users, not the permissions themselves. Monitoring of accounts, whether active or not, typically aims to keep systems secure, not enhance vulnerabilities. Similarly, the verification of users does not apply to orphaned accounts as there is no active user to verify when they are no longer involved with the organization.