More than half of companies have over 1,000 exposed sensitive fileshttps://securityitsummit.co.uk/wp-content/uploads/2019/07/Varonis_Matt-Lock-Photo.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g
By Matt Lock (pictured), Director of Sales Engineers UK, Varonis
All an attacker needs to steal your valuable data is access.
Unfortunately, many companies unknowingly give attackers access to their critical data. Personal identifying information on employees and customers, intellectual property, and more can easily make their way from secured systems to unprotected files and emails.
To make matters worse, companies don’t have time to update global access groups, fail to archive old data, and skip monitoring who has access to what information. Once attackers slip through the cracks, they — and corrupt insiders alike — have the access they need to steal your data.
To shed light on the state of overexposed data, we analysed a random sample of 785 Data Risk Assessments, including more than 54 billion files. The results, available in the report Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab reveal that companies are failing to shore up their sensitive data.
Some key findings from the report include:
- Every employee, on average, can access 17 million files.
- More than half (53%)of companies had at least 1,000 sensitive files open to all employees.
- Over one in five (22%) of all folders were accessible, on average, to every employee.
- 38% of users had passwords that never expire, up from 10% last year.
- Six in 10 companies had over 1,000 enabled, but stale, “ghost” users — accounts belonging to former employees that can still access your network.
- Financial services firms had the most exposed sensitive files, with an average of 3,791 exposed, sensitive files per TB.
- Retail organisations had the lowest number of exposed sensitive files, with an average of 858 exposed, sensitive files per TB.
Despitedire warnings of heavy fines under the GDPR and the steady stream of breaches and attacks in the news, companies are not prioritising their data. Take action with a data-centric security approach to ensure you are not giving malicious insiders and external attackers an all-access pass to your data.