Every Employee Can Access 17 Million Files, Warns Varonis 2019 Global Data Risk Report

Companies face regulatory fines and cybersecurity threats; yet on average, 53% of companies have over 1,000 exposed sensitive files, survey reveals


NEW YORK, April 29, 2019 (GLOBE NEWSWIRE) -- Every employee has access to 17 million files, according to the new report Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab. For the report, Varonis Systems, Inc. (NASDAQ:VRNS) analyzed 54 billion files -- nearly 10 times the files in the 2018 report -- from Data Risk Assessments performed on 785 companies from over 30 industries. The report shines a light on security issues that put organizations at risk from data breaches, insider threats and crippling malware attacks.

It only takes one compromised login or one leaked sensitive file to make headlines: 53% of companies found more than 1,000 exposed, sensitive files and 40% of their user accounts were enabled, but stale.

Key findings from the 2019 Global Data Risk Report include:        

  • Out-of-control permissions expose sensitive files and folders to every employee.
      °  1.2 million folders, or 22%, were accessible to every employee.
      °  53% of companies had at least 1,000 sensitive files open to all employees.
  • User passwords that never expire give hackers ample time to brute-force logins.
      °  38% of users had passwords that never expire, up from 10% last year.
      °  61% of companies have over 500 users with passwords that will never expire.
  • Stale sensitive files raise the risk of fines under HIPAA, GDPR and the upcoming CCPA.
      °  87% of companies have over 1,000 stale sensitive files.
      °  71% of companies have over 5,000 stale sensitive files.
  • “Ghost” users give former employees and contractors unnecessary access to information.
      °  
    50% of user accounts were stale.
      °  40% of companies had over 1,000 enabled, but stale, users.
  • Industries and regions vary when it comes to protecting their most sensitive information.
      °  Financial services firms found the most exposed, sensitive files overall.
      °  Healthcare, pharmaceutical and biotech firms found the most exposed, sensitive files in each terabyte that they analyzed.
      °  EMEA organizations averaged the most exposed, sensitive files per terabyte.

Get the Report: Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab

“One year after the GDPR and nearly six months before the California Consumer Privacy Act, companies continue to fall even farther behind and need to secure their data,” said Varonis Field CTO Brian Vecci. “Today, most CISOs assume that it’s just a matter of time before their security perimeter will be breached, which underscores the importance of data protection. The level of sensitive data exposure and oversubscribed access that most organizations are living with should set off alarm bells for corporate boards and shareholders.”

About Varonis Data Risk Assessments: Varonis performs Data Risk Assessments for companies that want to understand where sensitive and classified data reside in their IT environment, learn how much of it is overexposed and vulnerable, and receive recommendations to reduce their risk. After a Data Risk Assessment, one IT professional commented, “Our biggest surprise was to finally know how much sensitive data was actually out there living on our servers.”

Additional Resources

About Varonis
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data on premises and in the cloud: sensitive files and emails; confidential customer, patient and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects insider threats and cyberattacks by analyzing data, account activity, perimeter telemetry and user behavior; prevents and limits disaster by discovering, classifying and locking down sensitive, regulated and stale data; and efficiently sustains a secure state with automation. With a focus on data security, Varonis serves a variety of use cases including data protection, threat detection and response, and compliance. Varonis started operations in 2005 and, as of December 31, 2018, had approximately 6,600 customers worldwide — comprised of industry leaders in many sectors including technology, consumer, retail, financial services, healthcare, manufacturing, energy, media, and education.


            

Contact Data