Organisations are failing to safeguard the folders on their systems and the sensitive data contained within them according to a new report from Varonis.
The company's study, Data Under Attack: 2018 Global Data Risk Report from the Varonis Data Lab, found that on average, 21 per cent of a company's folders were accessible to every employee and 41 per cent of organisations had at least 1,000 sensitive files open to their entire staff.
Based on analysis of Data Risk Assessments conducted by Varonis in 2017, the report shed light on several issues that put organisations at risk from a number of cyber threats including data breaches, ransomware attacks and insider threats such as global access groups that give employees access to sensitive data, unmanaged stale and sensitive data, inconsistent and broke permissions that open security loopholes for hackers, “ghost” users that can log into their accounts and access information despite being inactive and user passwords that never expire.
Varonis' report also found that 58 per cent of organisations have more than 100,000 folders open to all employees. This poses a serious risk of possible insider threats since 41 per cent of organisations had at least 1,000 sensitive files open to all of their employees. Additionally, the report discovered that on average, 54 per cent of an organisation's data was stale which increases storage costs and complicates data management.
Varonis Tecnical Evangelist, Brian Vecci offered further insight on the findings of the report, saying:
“It only takes one leaked sensitive file to cause a headline-making data breach. And we’re seeing hundreds of thousands of exposed sensitive folders in our risk assessments. Executives and board members are starting to understand how much of their data is at risk, and they need to know these exposed folders can be fixed. We’ve seen how one unpatched server can lead to a disaster; a single “unpatched” folder can be just as disastrous, and it doesn’t take an expert or sophisticated code to exploit it.”
As the the amount of data collected by businesses has grown significantly, organisations must make it a priority to restrict access to sensitive data and ensure the data they do retain is still relevant and useful.
Image Credit: Sergey Nivens / Shutterstock