parisgargoyles100651815orig
Security

Corporate file systems have 'staggering level of exposure'

New data released yesterday by Varonis Systems, a specialist in insider threat protection, illuminates one reason so many companies are easy prey for cyberattackers: They fail to use permissions to limit access to valuable data.

Using anonymous data collected from the risk assessments it conducted for potential customers in 2015, Varonis says it found a "staggering level of exposure" in corporate systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.

Varonis used data from dozens of customer risk assessments of mid-to-large enterprises. In a subset of each company's file systems, Varonis found the average company had the following:

  • 35.3 million files, stored in four million folders, meaning the average folder has 8.8 files.
  • 1.1 million folders, or an average of 28 percent of all folders, with "everyone" group permission enabled, open to all network users.
  • 9.9 million files that were accessible by every employee in the company regardless of their roles.
  • 2.8 million folders, or 70 percent of all folders, that contained "stale data" that had been untouched for the past six months.
  • 25,000 user accounts, with 7,700 of them (31 percent) stale — having not logged in for the past 60 days, suggesting former employees, employees who changed roles or consultants and contractors whose engagements had ended.

The company notes that the "everyone" group is a common convenience for permissions when originally set up, but such mass access makes it very easy for attackers to steal company data.

Some of the individual lowlights Varonis discovered include the following:

  • One company in which every employee had access to 82 percent of its 6.1 million total folders.
  • Another company which had more than two million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
  • Yet another company in which 50 percent of the company's folders had "everyone" group permission, and more than 14,000 files in those folders were found to contain sensitive data.
  • Still another company that had more than 146,000 stale users — nearly three times more users than the average Fortune 500 company has total employees.

"Although this data presents a bleak look at the average enterprise's corporate file system environment, the organizations running these risk assessments are taking these challenges seriously," David Gibson, vice president of Strategy and Market Development at Varonis, said in a statement yesterday.

He notes that many of them went on to implement Varonis' platform in an effort to remediate their file system issues.

Varonis put together the infographic belows based on its findings.

(Click for larger image.)

IDG Insider

PREVIOUS ARTICLE

« HTC will unveil its next flagship device on April 12

NEXT ARTICLE

Report: Android N's freeform window mode hints at desktop future »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?