Unstructured data still overshared inside and outside organizations

The number of overshared files rose 450 percent compared to the same quarter in 2020, highlighting the significant impact of the pandemic and remote work on data security.

Oversharing files increases cybersecurity risk

Concentric captured user data in production deployments from companies in the technology, financial, and healthcare sectors to reveal how organizations create, use, and manage data. The company scanned more than 110 million unstructured data files to discover business-critical and sensitive documents that are overshared via link sharing, inappropriate external sharing, internal permission misconfigurations, and incomplete/incorrect document classifications. Oversharing increases the risk an organization will lose data, violate compliance or privacy mandates, or experience cybercrime.

Organizations average 439,000 files at-risk due to oversharing. That translates to 210 at-risk files per employee (up significantly from 38 files per employee in Q1 2020, a 452-percent increase). Link-based risky sharing is up to 65,000 documents per enterprise, up from 56,000 in Q4 2020 (the company started tracking link sharing risks in Q3 2020).

Similar to previous reports, this new report analyzed production data and reflects actual user practices and real-world data risk exposures.

Most data is unstructured

• Nearly 35 percent of unstructured data is business-critical – that’s 3.1 million files in an average organization. Of those business-critical files, 14 percent can be seen by internal or external users who should not have access.
• 229,000 business-critical files were erroneously classified and inappropriately accessible by other employees. To illustrate, nearly 23 percent of all unstructured data contained PII and were not marked appropriately.
• More than 33 percent of files processed were duplicates (15 percent) or near-duplicates (20 percent). Maintaining multiple variant copies of sensitive information (often with insecure file permissions, prohibited locations, or improper file classifications) can create legal and regulatory risks, as well as significant unnecessary storage costs.
• 85 percent of at-risk files were overshared with users or groups within the company, while 15 percent of business-critical files were overshared with external third parties.

“More than 80 percent of an organization’s data is unstructured, meaning it’s embedded in the millions of financial reports, corporate strategy documents, source code files, and contracts created every year,” said Karthik Krishnan, Concentric CEO. “As our quarterly Data Risk Reports continue to show, unstructured data is still largely unseen, unexplored and insecure, and too often overshared inside and outside organizations.”