Alarming data reveals why most companies are easy prey for cyber attackers

Varonis Systems, Inc., a provider of software solutions that protect data from insider threats and cyberattacks, has revealed a staggering level of exposure to cyber attackers in corporate file systems.

The results of a year-long collection of anonymous data seen during risk assessments for potential customers included the fact that an average of 9.9 million files per assessment were accessible by every employee in the company. The study is based on a limited subset of customers’ file systems.

Of the insights gleaned from dozens of customer risk assessments conducted in mid-to-large enterprises prior to remediation, in a subset of each company’s file systems, Varonis found the average company had:

  • 35.3 million files, stored in 4 million folders, meaning the average folder has 8.8 files
  • 1.1 million folders, or an average of 28% of all folders, with “everyone” group permission enabled – open to all network users
  • 9.9 million files that were accessible by every employee in the company regardless of their roles
  • 2.8 million folders, or 70% of all folders, contained stale data — untouched for the past six months
  • 25,000 user accounts, with 7,700 of them or 31% “stale” – having not logged in for the past 60 days, suggesting former employees, employees who changed roles, or consultants and contractors whose engagements have ended

The ‘everyone’ group is a common convenience when permissions are originally set up. That mass access also makes it astonishingly easy for hackers to steal company data.

Among individual companies’ lowlights that were gleaned from the Varonis risk assessments were:

  • In one company, every employee had access to 82% of the 6.1 million total folders.
  • Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
  • 50% of another company’s folders had “everyone” group permission and more than 14,000 files in those folders were found to contain sensitive data.
  • A single company had more than 146,000 stale users – accounts whose users had not logged in for the past 60 days. That’s nearly three times more users than the average FORTUNE 500 company has total employees.

David Gibson, VP of Strategy and Market Development at Varonis, said, “Although this data presents a bleak look at the average enterprise’s corporate file system environment, the organisations running these risk assessments are taking these challenges seriously.

“Most of them have since implemented Varonis, embracing a more holistic view of the data on their file and email systems and closing these gaping, often unseen security holes before the next major breach causes heavy damage.

“Our software is able to provide a granular look at where sensitive data lives, where it is over-exposed within an organisation, who is accessing that data, and how to lock it down,” said Gibson. “While that remediation process is running, our ability to start detecting and stopping many types of insider threats has been a major revelation for our customers.”
