Is Your Organization Leaving the Door Open to Cyber Crime?

Software security expert Varonis has released its 2017 Data Risk Report, and the findings are eye-opening. Nearly half of organizations are falling short when it comes to protecting their sensitive data. Here’s a closer look at some need-to-know numbers, along with why it’s incumbent on today’s organizations to step up their efforts.

By the Numbers

“In data breaches, files and emails are often targeted because they are high value assets and usually vulnerable to misuse by insiders and outsiders that transgress the perimeter. While organizations focus on perimeter defenses and chasing threats, the data itself is left broadly accessible and unmonitored,” says Varonis.

The numbers speak for themselves, including the following:

  • 47 percent of organizations had at least 1,000 sensitive files open to every employee.
  • 22 percent of organizations had 12,000 or more sensitive files open to every employee.
  • 71 percent of all folders contained stale data—the equivalent of nearly two petabytes of data.

In total, more than 48 million folders were open to global access groups, meaning they were accessible across an entire organization.

The Varonis report also included third-party research from Ponemon, revealing the following:

  • 59 percent of organizations don’t enforce a least privilege model for access to data.
  • 62 percent of employees have access to company data they “probably shouldn’t see.”
  • 64 percent of organizations don’t audit how data is used and report on its abuse.

Why It Matters

The Business Continuity Institute’s (BCI) Horizon Scan Survey 2017 revealed that the ability to protect, manage and access information was a paramount concern for organizations. More specifically, cyber attacks, data breaches, and unplanned IT and telecom outages topped the list of perceived threats to business continuity—marking the third consecutive year that data breaches and cyber attacks garnered top spots in the survey.

Says BCI, “Cyber attacks and data breaches continue to cost organizations billions of dollars annually, a sum that is only likely to go up with the increasing integration of new pieces of technology into daily operations and the consequent reliance on connectivity. Cutting-edge devices, such as those belonging to the so-called ‘Internet of Things’, are offering great opportunities for organizations but this can come at the cost of increased vulnerability to hostile actors. It is essential therefore to be aware of these vulnerabilities and to devise suitable plans and responses to the threats to continuity they represent. Only by doing so can your organization be considered resilient.”

The takeaway for business leaders? Despite the prevalence of technology-related issues among horizon-scanning exercises, most organizations are failing to take even the most basic measures to protect themselves. Until they do, they are essentially positioning themselves in the defensive posture of “not if but when” when it comes to cyber crime.

But the news doesn’t have to be all grim. Proposes BCI, “With challenges come opportunities. Change does not have to mean less favorable environments, but the landscape may be different. As organizations venture into uncharted territory now is the time to identify and undertake the measures that will increase resilience within your organization by ensuring that effective business continuity planning is in place.”