47% of Organizations Had at Least 1,000 Sensitive Files Accessible to Every Employee, Reveals Varonis Data Risk Report
April 25 2017 - 8:00AM
Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software
solutions that protect data from insider threats and cyberattacks,
today revealed the results from the Varonis Data Risk Report,
showcasing an alarming level of exposure for corporate and
sensitive files across organizations, including an average of 20%
of folders per organization open to every employee.
Using the Varonis Data Security Platform (DSP), Varonis
conducted over a thousand risk assessments for customers and
potential customers on a subset of their file systems. The
assessment provides insight into the risks associated with
corporate data, identifies where sensitive and regulatory data
resides, reveals over-exposed and high risk areas, and makes
recommendations to increase their data security posture.
Additional key findings from the report include:
- 236.5 million folders containing 2.8 billion files, comprising
3.79 petabytes of data were analyzed.
- Of that figure, 48,054,198 folders were open to “global access
groups,” or groups that grant access to the entire
organization.
- 47% of organizations had at least 1,000 sensitive files open to
every employee; 22% had 12,000 or more sensitive files exposed to
every employee.
- 71% of all folders contained stale data, accounting for almost
2 petabytes of data.
- 24.4 million folders had unique permissions, increasing
complexity and making it more difficult to enforce a least
privilege model and comply with regulations like General Data
Protection Regulation (GDPR).
Failure to reduce the use of global access groups, lock down
sensitive files and dispose of stale data exposes an organization
to data breaches, insider threats and crippling ransomware
attacks. A recent Ponemon study found that 62% of end users
say they have access to company data they probably should not see,
and a Forrester Consulting study found that 59% don’t enforce a
need-to-know permissions model for sensitive files.
Individual company risks identified during the assessments
include:
- 35% of an insurance firm’s 86.4 million folders were open to
every employee.
- 80% of a banking institution’s 245,575 sensitive files were
accessible to every employee.
- Another banking institution had 11.6 million folders with
unique permissions, complicating its efforts to reduce file access
on a need-to-know basis.
“In data breaches and ransomware attacks, files are targeted
because they are high value assets and usually vulnerable to misuse
by insiders and outsiders that transgress the perimeter. While
organizations focus on outer defenses and chasing threats, the data
itself is left broadly accessible and unmonitored,” said Ken
Spinner, VP of Field Engineering at Varonis. “Organizations
participate in our risk assessments because they understand the
value of their data and the risk it poses for being stolen or
abused. We applaud their efforts in taking the first step towards
mitigating risk.”
“We found files with sensitive PII in places it should not have
been,” said a Chief Security Officer for a state and local
government in a recent TechValidate customer survey.
According to that same survey, 68% of end users perform a risk
assessment to validate security concerns, 95% agree that the risk
assessment helped them identify at-risk, sensitive and classified
data and build a plan of attack to reduce the likelihood of a data
breach, and 82% rate global access remediation a top priority after
seeing the results.
“The initial assessment gets the immediate attention of
management, which then assists in building and executing the
internal remediation process,” said a Security Manager at a
beverage company in the same TechValidate customer survey. “Varonis
does an excellent job of identifying internal data security
vulnerabilities.”
The Varonis Data Risk Report showcases the findings from a
random sampling of 80 risk assessments conducted for customers and
potential customers between January to December of 2016 across 12
countries and 33 industries, and within organizations with 50 to
more than 10,000 employees. All organizational identifiers have
been removed.
Additional Resources
- Read the full Data Risk Report:
www.varonis.com/data-risk-report-2017.
- See why organizations perform a risk assessment and the
benefits they receive:
www.techvalidate.com/portals/why-organizations-perform-a-varonis-risk-assessment.
- For more information on Varonis' solution portfolio, please
visit www.varonis.com.
- Visit our blog, and join the conversation on Facebook, Twitter,
LinkedIn, Podcast and YouTube.
About VaronisVaronis is a leading provider of
software solutions that protect data from insider threats and
cyberattacks. Through an innovative software platform, Varonis
allows organizations to analyze, secure, manage, and migrate their
volumes of unstructured data. Varonis specializes in file and email
systems that store valuable spreadsheets, word processing
documents, presentations, audio and video files, emails, and text.
This rapidly growing data often contains an enterprise's financial
information, product plans, strategic initiatives, intellectual
property, and confidential employee, customer or patient records.
IT and business personnel deploy Varonis software for a variety of
use cases, including data security, governance and compliance, user
behavior analytics, archiving, search, and file synchronization and
sharing. With offices and partners worldwide, Varonis had
approximately 5,350 customers as of December 31, 2016, spanning
leading firms in financial services, healthcare, public,
industrial, insurance, energy and utilities, media and
entertainment, consumer and retail, technology and education
sectors.
News Media Contact:
Jennifer LuPiba
614-338-9889
jlupiba@varonis.com
Varonis Systems (NASDAQ:VRNS)
Historical Stock Chart
From Mar 2024 to Apr 2024
Varonis Systems (NASDAQ:VRNS)
Historical Stock Chart
From Apr 2023 to Apr 2024