How companies continue to expose sensitive data to threats

SmartNA PortPlus - High Performance Visibility Solutions that scale with your network.

A new study from the Varonis Data Lab found that on average, 21% of a company’s folders were accessible to every employee, and 41% of companies had at least 1,000 sensitive files open to all employees.

expose sensitive data

The report, based on analysis of data risk assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, shines a spotlight on several issues that put organizations at risk from data breaches, insider threats and ransomware attacks, such as:

  • Oversubscribed and global access groups giving far too many employees access to sensitive data
  • Unmanaged stale and sensitive data regulated by SOX, HIPAA, PCI, GDPR and other standards
  • Inconsistent and broken permissions that open security loopholes for hackers
  • “Ghost” users that can log in to their accounts and access information despite being inactive
  • User passwords that never expire.

Findings from the report include:

  • 58% of organizations have more than 100,000 folders open to all employees
  • 21% of folders were accessible to every employee
  • 41% had at least 1,000 sensitive files open to all employees
  • On average, 54% of an organization’s data was stale, which adds to storage costs and complicates data management
  • On average, 34% of user accounts are enabled, but stale, “ghost” users who still have access to files and folders
  • 46% of organizations had more than 1,000 users with passwords that never expire.

expose sensitive data

“It only takes one leaked sensitive file to cause a headline-making data breach,” said Varonis Technical Evangelist Brian Vecci. “And we’re seeing hundreds of thousands of exposed sensitive folders in our risk assessments. Executives and Board members are starting to understand how much of their data is at risk, and they need to know these exposed folders can be fixed. We’ve seen how one unpatched server can lead to a disaster; a single “unpatched” folder can be just as disastrous, and it doesn’t take an expert or sophisticated code to exploit it.”