Lack of surprise over poor security

Research conducted by Varonis Systems found that over 50% of IT security professionals are not surprised that end users have access to more company data than they should have.

  • 9 years ago Posted in

The survey, undertaken recently at the largest security conferences in Europe and the U.S., Infosecurity Europe in London and RSA Conference in San Francisco, followed a Ponemon Institute study that revealed 71% of end users say they have access to company data that they should not see. In the more recent survey, 17% of respondents said they believe the true number is actually higher.


According to the latest Varonis findings, 59% of respondents were not surprised that more than three-quarters of employees claimed their organisations couldn’t tell them what happened to lost data, files or emails. A further 21% said they believe the number to be worse than this. These results demonstrate organisations’ inability to keep their data secure, with the likelihood of a breach high and the potential for damage significant. When a breach does occur, either due to an attacker that has gotten inside or an employee leaving with sensitive information, organisations would not be able to assess the scope of damage, determine where their data has gone, who took it and when, and would most likely not notice the theft for weeks or months, if ever.


“It is scary to think that this many people consider it normal for employees to have access to data that they shouldn’t have and for companies to not know where their missing data has gone,” said David Gibson, VP at Varonis. “Data doesn’t need to be missing in order to be stolen. Most organisations don’t track or analyse user activity on their unstructured data, and this makes it far too easy for an insider or an attacker that has gotten inside to steal data without being noticed. Without the proper controls around unstructured data, companies are leaving themselves open for all types of trouble. Organisations and their IT departments must – at the very least – start watching and analysing user activity to spot unusual or unwanted behaviour. It’s just too easy to breach the perimeter of a network and there are so many people already inside. Practically speaking, with all the cloud services, mobile devices, remote employees and contractors, there is no perimeter anymore. We need to focus on the data assets that need protecting – making sure we understand where it’s stored, that only the right people have access, and that we can track and analyse use to spot abuse.”

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.