Lack of surprise over poor security

Research conducted by Varonis Systems found that over 50% of IT security professionals are not surprised that end users have access to more company data than they should have.

  • 9 years ago Posted in

The survey, undertaken recently at the largest security conferences in Europe and the U.S., Infosecurity Europe in London and RSA Conference in San Francisco, followed a Ponemon Institute study that revealed 71% of end users say they have access to company data that they should not see. In the more recent survey, 17% of respondents said they believe the true number is actually higher.


According to the latest Varonis findings, 59% of respondents were not surprised that more than three-quarters of employees claimed their organisations couldn’t tell them what happened to lost data, files or emails. A further 21% said they believe the number to be worse than this. These results demonstrate organisations’ inability to keep their data secure, with the likelihood of a breach high and the potential for damage significant. When a breach does occur, either due to an attacker that has gotten inside or an employee leaving with sensitive information, organisations would not be able to assess the scope of damage, determine where their data has gone, who took it and when, and would most likely not notice the theft for weeks or months, if ever.


“It is scary to think that this many people consider it normal for employees to have access to data that they shouldn’t have and for companies to not know where their missing data has gone,” said David Gibson, VP at Varonis. “Data doesn’t need to be missing in order to be stolen. Most organisations don’t track or analyse user activity on their unstructured data, and this makes it far too easy for an insider or an attacker that has gotten inside to steal data without being noticed. Without the proper controls around unstructured data, companies are leaving themselves open for all types of trouble. Organisations and their IT departments must – at the very least – start watching and analysing user activity to spot unusual or unwanted behaviour. It’s just too easy to breach the perimeter of a network and there are so many people already inside. Practically speaking, with all the cloud services, mobile devices, remote employees and contractors, there is no perimeter anymore. We need to focus on the data assets that need protecting – making sure we understand where it’s stored, that only the right people have access, and that we can track and analyse use to spot abuse.”

Commvault provides cloud-first organisations with greater choice and flexibility to protect and...
On the morning of September 20, Executive Director of the Board of Huawei and CEO of Huawei Cloud...
Global IT Business-to-Business (B2B) revenues, coming from data centers, IT services and devices,...
CrowdStrike has unveiled AI Security Posture Management (AI-SPM) and announced the general...
Research released recently shows that 67% of IT decision makers favour a hybrid hosting...
New private cloud contract re-affirms HPE GreenLake Cloud as a core pillar of Barclays’ hybrid...
CAS leverages upgraded mission-critical private cloud environment to support cutting-edge,...
AWS’s planned investments are estimated to contribute £14 billion to the UK’s total GDP over...