Alarming Data Reveals Why Most Companies Are Easy Prey for Cyber Attackers
LONDON, UK, March 22, 2016 – Varonis Systems, Inc. today revealed the results of a year of anonymous data collected during risk assessments conducted for potential customers on a limited subset of their file systems. The 2015 results show a staggering level of exposure in corporate file systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.
Of the insights gleaned from dozens of customer risk assessments conducted in mid-to-large enterprises prior to remediation, in a subset of each company’s file systems, Varonis found the average company had:
35.3 million files, stored in 4 million folders, meaning the average folder has 8.8 files
- 1.1 million folders, or an average of 28% of all folders, with “everyone” group permission enabled –open to all network users
- 9.9 million files that were accessible by every employee in the company regardless of their roles
- 2.8 million folders, or 70% of all folders, contained stale data – untouched for the past six months
- 25,000 user accounts, with 7,700 of them or 31% “stale” – having not logged in for the past 60 days, suggesting former employees, employees who changed roles, or consultants and contractors whose engagements have ended
Some individual companies’ lowlights that were gleaned from the Varonis risk assessments:
In one company, every employee had access to 82% of the 6.1 million total folders.
- Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
- 50% of another company’s folders had “everyone” group permission and more than 14,000 files in those folders were found to contain sensitive data.
- A single company had more than 146,000 stale users – accounts whose users had not logged in for the past 60 days. That’s nearly three times more users than the average FORTUNE 500 company has total employees.