58% of Organizations Have More Than 100,000 Folders Open to Every Employee, Reveals Varonis Data Risk Report

Despite enormous consequences of this addressable challenge, companies continue to expose sensitive information to insider threats, ransomware and other risks

NEW YORK, April 04, 2018 (GLOBE NEWSWIRE) -- Varonis Systems, Inc. (NASDAQ:VRNS), a pioneer in data security and analytics, today released a report revealing alarming insight into the prevalence and severity of overexposed and unprotected files and emails on corporate networks worldwide. Most notably, the study, Data Under Attack: 2018 Global Data Risk Report from the Varonis Data Lab, found that on average, 21% of a company’s folders were accessible to every employee, and 41% of companies had at least 1,000 sensitive files open to all employees.

The report, based on analysis of Data Risk Assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, shines a spotlight on several issues that put organizations at risk from data breaches, insider threats and crippling ransomware attacks, such as:

  • Oversubscribed and global access groups giving far too many employees access to sensitive data
  • Unmanaged stale and sensitive data regulated by SOX, HIPAA, PCI, GDPR and other standards
  • Inconsistent and broken permissions that open security loopholes for hackers
  • “Ghost” users that can log in to their accounts and access information despite being inactive
  • User passwords that never expire

Findings from the report include:

  • 58% of organizations have more than 100,000 folders open to all employees
  • 21% of folders were accessible to every employee
  • 41% of organizations had at least 1,000 sensitive files open to all employees
  • On average, 54% of an organization’s data was stale, which adds to storage costs and complicates data management
  • On average, 34% of user accounts are enabled, but stale, “ghost” users who still have access to files and folders
  • 46% of organizations had more than 1,000 users with passwords that never expire

“Too many organizations are drowning in an ocean of unsecured and overexposed data, yet have little or no indication that they’re in danger,” said John Carlin, former Assistant Attorney General for the U.S. Department of Justice’s National Security Division and currently chair of Morrison & Foerster’s global risk & crisis management practice. “Attackers take advantage of security missteps and shortcuts to gain access to secure systems and sensitive files. Posing as insiders, they can take their time perusing critical information for political, personal and economic gain -- in fact, some of the biggest breaches in history resulted from unrestricted user access.”

“The Varonis Data Risk Report speaks to the ongoing and increasing need for continued diligence in executing business-aligned security programs,” says Optiv Chief Marketing Officer Peter Evans. “Assessing a company’s business requirements first, and starting with an “inside-out” view on risk, can identify and prioritize gaps in security program execution across tools, processes – such as global access – and data. Technology can automate these processes, for both detection and remediation – thereby optimizing security, while increasing efficacy.”

“It only takes one leaked sensitive file to cause a headline-making data breach,” said Varonis Technical Evangelist Brian Vecci. “And we’re seeing hundreds of thousands of exposed sensitive folders in our risk assessments. Executives and board members are starting to understand how much of their data is at risk, and they need to know these exposed folders can be fixed. We’ve seen how one unpatched server can lead to a disaster; a single “unpatched” folder can be just as disastrous, and it doesn’t take an expert or sophisticated code to exploit it.”

About the Global Data Security Report: The 2018 Global Data Risk Report is a consolidated report that captures findings of Data Risk Assessments performed on 130 organizations – a representative sample from more than 30 industry segments and sizes. For this year's report, Varonis analyzed more than 6 billion files, more than double the number in our 2017 report, with an average of 36,242 user accounts, 3,531,978 folders and 48,051,109 files per company.

About Varonis Data Risk Assessments: Every year, Varonis performs Data Risk Assessments for organizations that want to understand where sensitive and classified data reside in their IT environment, learn how much of it is overexposed and vulnerable, and receive recommendations to reduce their risk profile. After a Data Risk Assessment, one IT professional commented, “Our biggest surprise was to finally know how much sensitive data was actually out there living on our servers.”

Additional Resources

About Varonis
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects insider threats and cyberattacks by analyzing data, account activity and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. With a focus on data security, Varonis serves a variety of use cases, including governance, compliance, classification and threat analytics. Varonis started operations in 2005 and, as of December 31, 2017, had approximately 6,250 customers worldwide - comprised of industry leaders in many sectors including financial services, healthcare, public, industrial, insurance, energy and utilities, consumer and retail, education, media and entertainment and technology. 

News Media Contacts:
Rachel Hunt
Varonis Systems, Inc.
877-292-8767 (ext. 4247)

Mia Damiano
Merritt Group, Inc.

Investor Relations Contact:
Yun Kim
Varonis Systems, Inc.

A photo accompanying this announcement is available at: http://www.globenewswire.com/NewsRoom/AttachmentNg/e0040136-cb13-41ad-896a-cf401448897f

Infographic: Global Data Risk