With increased connectivity continuing to grow for manufacturers, data protection is becoming more vital, but it appears over half the companies have over 1,000 sensitive files exposed to all employees, a new report found.
With sensitive information available to everyone at a company, the next move is there will have to be more accountability for data protection and privacy.
Organizations that perform risk assessments learn how attackers may exploit their data protection weaknesses before a data breach, so they can prioritize remediation tasks and bolster their defenses, said researchers at Varonis Data Lab in a new report.
To shed light on data risk, Varonis examined over 700 Data Risk Assessments performed by their engineers to understand the prevalence and severity of exposed sensitive files and evaluate what companies are doing:
• The average company found 534,465 sensitive files, 117,317 (17 percent) of those which were accessible to every employee
• 53 percent of companies found over 1,000 sensitive files accessible to every employee
• 22 percent of folders were open to everyone
• 51 percent of companies found over 100,000 folders open every employee
• 53 percent of data, on average, was stale
• 58 percent of companies found over 1,000 stale user accounts
• On average, companies analyzed 70 TB of data
• On average, companies found 3,441 exposed, sensitive files per terabyte
• On average, companies found 28,645 exposed folders per terabyte
The 2019 Global Data Risk Report is a report that captures findings of Data Risk Assessments performed on 785 organizations – a representative sample from many industry segments and sizes.
Varonis performs Data Risk Assessments for organizations that want to understand where sensitive and classified data reside in their growing hybrid environments, learn how much of it is overexposed and vulnerable, and receive recommendations to reduce their risk profile.
In the 2019 report, Varonis analyzed over 54 billion files, a ten-fold increase over the 6.2 billion files analyzed in the 2018 report.
Overexposed data presents a major risk to organizations regardless of size, industry or location.
This report encompasses Data Risk Assessments performed in more than 30 countries and across 30+ industries including pharma and biotech; manufacturing; energy and utilities; technology; financial services; healthcare; government (local, state, and national) and defense, and education.
Most organizations have applied permissions to more folders than they can realistically manage: The average terabyte had almost 17,000 uniquely permissioned folders. That means someone has granted permissions to that folder for a specific user or group. These folders will need ongoing review to make sure permissions stay current. Permissions may contain individual users and groups of users — on average, each terabyte of data contained 3,400 user access control entries (ACEs).
Click here to download the report.