More than 50% of Companies Have Over 1,000 Exposed Sensitive Files, Warns Varonis 2019 Global Data Risk Report

technology
#1

Companies face regulatory fines and cybersecurity threats yet fail to protect their sensitive data, survey reveals

NEW YORK – April 29, 2019 – 22% of a company’s folders are accessible, on average, to every employee, according to the new report Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab. For the report, Varonis Systems, Inc. (NASDAQ:VRNS) analyzed more than 54 billion files – nearly 10 times the files in the 2018 report – from Data Risk Assessments performed on more than 700 companies from over 30 industries.

The report shines a light on security issues that put organizations at risk from data breaches, insider threats and crippling malware attacks.

Key findings from the 2019 Global Data Risk Report include:

  • Out-of-control permissions expose sensitive files and folders to every employee.

  • 53% of companies had at least 1,000 sensitive files open to all employees.

  • 22% of all folders were accessible, on average, to every employee.

  • User passwords that never expire give hackers ample time to brute-force logins.

  • 38% of users had passwords that never expire, up from 10% last year.

  • 61% of companies have over 500 users with passwords that will never expire.

  • Stale sensitive files raise the risk of fines under HIPAA, GDPR and the upcoming CCPA.

  • 87% of companies have over 1,000 stale sensitive files.

  • 71% of companies have over 5,000 stale sensitive files.

  • “Ghost” users give former employees and contractors unnecessary access to information.

  • 50% of user accounts were stale.

  • 40% of companies had over 1,000 enabled, but stale, users.

  • Industries and regions vary when it comes to protecting their most sensitive information.

  • Retail organizations had the lowest number of exposed, sensitive files and seemed to do the best job of protecting their data overall. Financial services firms found the most exposed, sensitive files overall. Healthcare, pharmaceutical and biotech firms found the most exposed, sensitive files in each terabyte that they analyzed (4,691).

  • APAC organizations found that less than 1% of their files were sensitive, but 26% of them were exposed. EMEA organizations found sensitive data in 3% of their files, but only 15% of them were exposed. In EMEA, each terabyte averaged 4,724 exposed, sensitive files.

Get the Report: Data Gets Personal: 2019 Global Data Risk Report from the Varonis Data Lab

“One year after the GDPR and nearly six months before the CCPA, companies continue to fall even farther behind and need to secure their data,” said Varonis Field CTO Brian Vecci. “Today, most CISOs assume that it’s just a matter of time before their security perimeter will be breached, which underscores the importance of data protection. The level of sensitive data exposure and oversubscribed access that most organizations are living with should set off alarm bells for corporate boards and shareholders.”

About Varonis Data Risk Assessments: Varonis performs Data Risk Assessments for companies that want to understand where sensitive and classified data reside in their IT environment, learn how much of it is overexposed and vulnerable, and receive recommendations to reduce their risk. After a Data Risk Assessment, one IT professional commented, “Our biggest surprise was to finally know how much sensitive data was actually out there living on our servers.”

Additional Resources

About Varonis

Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data on premises and in the cloud: sensitive files and emails; confidential customer, patient and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects insider threats and cyberattacks by analyzing data, account activity, perimeter telemetry and user behavior; prevents and limits disaster by discovering, classifying and locking down sensitive, regulated and stale data; and efficiently sustains a secure state with automation. With a focus on data security, Varonis serves a variety of use cases including data protection, threat detection and response, and compliance. Varonis started operations in 2005 and, as of December 31, 2018, had approximately 6,600 customers worldwide — comprised of industry leaders in many sectors including technology, consumer, retail, financial services, healthcare, manufacturing, energy, media, and education.