Varonis Finds Out-of-Control Permissions
April 30, 2019
employee has access to 17 million files, according to the new report
Data Gets Personal:
2019 Global Data Risk Report from the Varonis Data
Lab. For the report, Varonis Systems analyzed 54 billion
files -- nearly 10 times the files in the 2018 report -- from Data Risk
Assessments performed on 785 companies from over 30 industries. The
report shines a light on security issues that put organizations at risk
from data breaches, insider threats and crippling malware attacks.
It only takes one compromised login or one leaked sensitive file to make
headlines: 53% of companies found more than 1,000 exposed, sensitive
files and 40% of their user accounts were enabled, but stale.
from the 2019 Global Data Risk Report include:
permissions expose sensitive files and folders to every
° 1.2 million folders, or 22%, were
accessible to every employee.
° 53% of companies had at least 1,000 sensitive files
open to all employees.
User passwords that never expire give hackers ample time
to brute-force logins.
° 38% of users had passwords that never
expire, up from 10% last year.
° 61% of companies have over 500 users with passwords
that will never expire.
raise the risk of fines under HIPAA, GDPR and the
° 87% of companies have over 1,000 stale
° 71% of companies have over 5,000 stale sensitive
“Ghost” users give former employees and contractors
unnecessary access to information.
° 50% of user accounts were stale.
° 40% of companies had over 1,000 enabled, but stale,
Industries and regions vary when it comes to protecting
their most sensitive information.
° Financial services firms
found the most exposed, sensitive files overall.
° Healthcare, pharmaceutical and biotech
firms found the most exposed, sensitive files
in each terabyte that they analyzed.
° EMEA organizations averaged the
most exposed, sensitive files per terabyte.
after the GDPR and nearly six months before the California
Consumer Privacy Act, companies continue to fall even
farther behind and need to secure their data,” said Varonis
Field CTO Brian Vecci. “Today, most CISOs assume that it’s
just a matter of time before their security perimeter will
be breached, which underscores the importance of data
protection. The level of sensitive data exposure and
oversubscribed access that most organizations are living
with should set off alarm bells for corporate boards and