More than half of companies have sensitive files open to all employees
The latest data risk report from security company Varonis reveals that 53 percent of companies have at least 1,000 sensitive files open to all employees, putting them at risk of data breaches.
Keeping old sensitive data that risks fines under HIPAA, GDPR and the upcoming CCPA is a problem too. The report finds over half of data is stale and 87 percent of companies have over 1,000 stale sensitive files, with 71 percent having over 5,000 stale sensitive files.
Problems with passwords are highlighted as well with 38 percent of users having passwords that never expire, up from 10 percent last year. In addition 61 percent of companies have over 500 users with passwords that will never expire. 40 percent of companies have over 1,000 enabled, but stale, user accounts potentially giving former employees or contractors access to sensitive files.
"There are still problems out there and organizations still not paying enough attention to the data they hold which is quite incredible considering the world we live in at the moment," says Matt Lock, director of sales engineers at Varonis. "The fact that 53 percent of data is stale shows organizations are still hanging onto and gathering a wealth of information. There are so many risks associated with that, it’s not just the ongoing operational cost and backing up and managing the data, but it makes it so much more difficult to govern the data and to implement a least privilege model. It makes it harder too deal with data subject access requests too."
Looked at by business sector, retail organizations have the lowest number of exposed, sensitive files and seemed to do the best job of protecting their data overall. Financial services firms have the most exposed, sensitive files overall, while healthcare, pharmaceutical and biotech firms have the most exposed, sensitive files in each terabyte of data analyzed (4,691).
There are also concerns about the effect of shifting to hybrid data storage. "People are moving stuff to the cloud and with that you inherit even more risks," adds Lock. "You've invested a lot in protecting data on your premises, but when you put it in the cloud you're potentially making it available to everyone."
You can download the full report from the Varonis site.