New research: excessive employee access rights to confidential information expose the company to risks and increase risks
Excess-access insiders are often responsible for data breaches, according to a survey of more than 2,000 employees conducted under the auspices of Varonis.
NEW YORK - (Marketwired) - 09/12/2014 - Despite the growing number of data leaks that are widely publicized, 71 percent of the employees interviewed said they could access data that they shouldn’t see, and more than half said that they get such access often or very often.
')
Today, when more and more attention is paid not only to protection against high-tech external attacks, but also to the role that internal vulnerability and negligence often play, a new survey initiated by Varonis Systems, Inc. the Ponemon Institute shows that most organizations find it difficult to find the right balance between the need to protect information and the requirements of employee productivity. Employees with redundant data access rights represent an ever-increasing risk to organizations in terms of accidental and / or intentional publicity of confidential data.
The survey report, “Corporate data: protected assets or a time bomb?” Was compiled on the basis of surveys conducted in October 2014 of 2,276 employees of companies in the United States, United Kingdom, France and Germany. The number of respondents included 1,166 IT specialists and 1,110 end-users from organizations with a few dozen to several thousand employees and operating in various sectors of the economy, including the financial and public sector, medicine and the pharmaceutical industry, wholesale sales, manufacturing, technology and computer development .
Dr. Larry Ponemon, head and founder of the Ponemon Institute, a leading research center for the study of personal data protection and information security policies, commented: “Data leaks are becoming more threatening and frequent. The rapid growth of both the amount of digital information and our dependence on it jeopardizes the efforts of companies to protect their confidential data. This study reveals a very important factor that is often overlooked: employees of companies have too wide access to data, even if they do not need them for work, and when this access is not monitored and not controlled, an attack in order to access employee accounts can be disastrous. ”
Lack of control and data growth hamper performance.
Both IT specialists and end users testify to the lack of control over potential employee access and actual use of company data. Both groups generally agree that their organizations should reconsider their attitude to security risks until they have had an impact on the production process. Only 22 percent of the employees surveyed believe that their organizations as a whole give sufficient priority to protecting company data, and less than half of employees believe that their organizations have an effective information protection policy related to the access and use of corporate data. Moreover, a sharp increase in the amount of information already negatively affects productivity - it makes it difficult for employees to find relevant data, forcing them to waste time or even re-create documents without being able to find them
Additional information about data usage control suggests the following:
● 71 percent of users claim that they have access to corporate data that they are not supposed to see
● 54 percent of excess access holders claim to use it often or very often
● 4 out of 5 IT and IS specialists (80 percent) claim that their organization does not have a policy to restrict data access rights to the minimum required by virtue of official duties of employees
● Only 22 percent of employees say their organization is able to find lost files or emails.
● 73 percent of users believe that the growth in the volume of e-mails, presentations, multimedia files and other types of corporate data severely or very severely limits their ability to quickly find and use actual data.
● 43 percent of users claim that it takes weeks or months to gain access to the data they need for work, and only 22 percent say that obtaining such access usually takes minutes or hours
● 60 percent of IT and IS specialists say that it is difficult or very difficult for employees to search and find corporate data or files that they or their colleagues have created in a timely manner.
● 68 percent of end users claim that it is difficult or very difficult for them to share necessary information or files with business partners, such as customers or vendors.
The survey results also show that IT and IS specialists, as well as business users, agree that excessive access by insiders significantly increases risks and can lead to poor performance as well as business problems.
50 percent of business users and 74 percent of IT professionals believe that corporate data leaks are often caused by mistakes, negligence, or malicious intent of insiders. Only 47 percent of IT and IS specialists believe that their organizations are making enough efforts to protect corporate data,
An analysis of the underlying causes of data leakage says the following:
● 76 percent of users claim that because of business need, they need access to customer data, employee personal affairs, financial reports and other confidential documents.
● 38 percent of users claim that they or their colleagues can access the “data set” to which, in their opinion, they should not have access
● Only 47 percent of IT and IS specialists say that end-users in their organizations are taking the right steps to protect corporate data available to them.
● 76 percent of users believe that in some cases it is acceptable to transfer work documents to their personal devices, with which only 13 percent of IT and information security specialists agree
● 49 percent of IT and information security specialists claim that it is unlikely that in case of loss of documents, files or email messages, their organization will be able to find out where they went.
● 67 percent of IT and IS specialists say that over the past two years, corporate data has been lost or stolen in their organization, but among business users, only 44 percent of employees are aware of such cases
Yaki Faitelson, founder and CEO of Varonis, said: “These results should seriously perplex every company that stores information about its customers, employees and business partners, that is, almost any business in the modern world. We see that much attention and investment was paid to the issues of protecting the external perimeter, while the fundamental principles of information security and data protection within an organization are often neglected and neglected so far, although they are no less important. Excessive access combined with a lack of controls over the use of data add up to the inevitability of business losses, and sometimes lead to disastrous consequences. We see that the lack of control and management mechanisms reduces the productivity of employees who spend time getting the access they need, finding relevant data or collaborating with business partners. ”
About the Ponemon Institute.
The activities of the Ponemon Institute are aimed at increasing responsibility in the use of information by employees and the introduction of information protection practices in business and government institutions. To achieve these goals, the institute conducts independent research, conducts seminars with leaders of both private and public organizations, and tests information and data protection practices in various companies from different sectors of the economy.
About Varonis.
Today, Varonis is a leading developer and manufacturer of innovative solutions for managing unstructured and partially structured data. The company provides solutions for managing access rights, data usage control, corporate search and private cloud synchronization for data stored on windows / unix / NAS file storage, SharePoint portals, Exchange mail servers and Active Directory. Varonis solutions are installed worldwide, in more than 3,000 companies operating in the fields of finance and healthcare, technology and media, energy and manufacturing, in government and educational institutions.
NEW YORK - (Marketwired) - 09/12/2014 - Despite the growing number of data leaks that are widely publicized, 71 percent of the employees interviewed said they could access data that they shouldn’t see, and more than half said that they get such access often or very often.
')
Today, when more and more attention is paid not only to protection against high-tech external attacks, but also to the role that internal vulnerability and negligence often play, a new survey initiated by Varonis Systems, Inc. the Ponemon Institute shows that most organizations find it difficult to find the right balance between the need to protect information and the requirements of employee productivity. Employees with redundant data access rights represent an ever-increasing risk to organizations in terms of accidental and / or intentional publicity of confidential data.
The survey report, “Corporate data: protected assets or a time bomb?” Was compiled on the basis of surveys conducted in October 2014 of 2,276 employees of companies in the United States, United Kingdom, France and Germany. The number of respondents included 1,166 IT specialists and 1,110 end-users from organizations with a few dozen to several thousand employees and operating in various sectors of the economy, including the financial and public sector, medicine and the pharmaceutical industry, wholesale sales, manufacturing, technology and computer development .
Dr. Larry Ponemon, head and founder of the Ponemon Institute, a leading research center for the study of personal data protection and information security policies, commented: “Data leaks are becoming more threatening and frequent. The rapid growth of both the amount of digital information and our dependence on it jeopardizes the efforts of companies to protect their confidential data. This study reveals a very important factor that is often overlooked: employees of companies have too wide access to data, even if they do not need them for work, and when this access is not monitored and not controlled, an attack in order to access employee accounts can be disastrous. ”
Lack of control and data growth hamper performance.
Both IT specialists and end users testify to the lack of control over potential employee access and actual use of company data. Both groups generally agree that their organizations should reconsider their attitude to security risks until they have had an impact on the production process. Only 22 percent of the employees surveyed believe that their organizations as a whole give sufficient priority to protecting company data, and less than half of employees believe that their organizations have an effective information protection policy related to the access and use of corporate data. Moreover, a sharp increase in the amount of information already negatively affects productivity - it makes it difficult for employees to find relevant data, forcing them to waste time or even re-create documents without being able to find them
Additional information about data usage control suggests the following:
● 71 percent of users claim that they have access to corporate data that they are not supposed to see
● 54 percent of excess access holders claim to use it often or very often
● 4 out of 5 IT and IS specialists (80 percent) claim that their organization does not have a policy to restrict data access rights to the minimum required by virtue of official duties of employees
● Only 22 percent of employees say their organization is able to find lost files or emails.
● 73 percent of users believe that the growth in the volume of e-mails, presentations, multimedia files and other types of corporate data severely or very severely limits their ability to quickly find and use actual data.
● 43 percent of users claim that it takes weeks or months to gain access to the data they need for work, and only 22 percent say that obtaining such access usually takes minutes or hours
● 60 percent of IT and IS specialists say that it is difficult or very difficult for employees to search and find corporate data or files that they or their colleagues have created in a timely manner.
● 68 percent of end users claim that it is difficult or very difficult for them to share necessary information or files with business partners, such as customers or vendors.
The survey results also show that IT and IS specialists, as well as business users, agree that excessive access by insiders significantly increases risks and can lead to poor performance as well as business problems.
50 percent of business users and 74 percent of IT professionals believe that corporate data leaks are often caused by mistakes, negligence, or malicious intent of insiders. Only 47 percent of IT and IS specialists believe that their organizations are making enough efforts to protect corporate data,
An analysis of the underlying causes of data leakage says the following:
● 76 percent of users claim that because of business need, they need access to customer data, employee personal affairs, financial reports and other confidential documents.
● 38 percent of users claim that they or their colleagues can access the “data set” to which, in their opinion, they should not have access
● Only 47 percent of IT and IS specialists say that end-users in their organizations are taking the right steps to protect corporate data available to them.
● 76 percent of users believe that in some cases it is acceptable to transfer work documents to their personal devices, with which only 13 percent of IT and information security specialists agree
● 49 percent of IT and information security specialists claim that it is unlikely that in case of loss of documents, files or email messages, their organization will be able to find out where they went.
● 67 percent of IT and IS specialists say that over the past two years, corporate data has been lost or stolen in their organization, but among business users, only 44 percent of employees are aware of such cases
Yaki Faitelson, founder and CEO of Varonis, said: “These results should seriously perplex every company that stores information about its customers, employees and business partners, that is, almost any business in the modern world. We see that much attention and investment was paid to the issues of protecting the external perimeter, while the fundamental principles of information security and data protection within an organization are often neglected and neglected so far, although they are no less important. Excessive access combined with a lack of controls over the use of data add up to the inevitability of business losses, and sometimes lead to disastrous consequences. We see that the lack of control and management mechanisms reduces the productivity of employees who spend time getting the access they need, finding relevant data or collaborating with business partners. ”
About the Ponemon Institute.
The activities of the Ponemon Institute are aimed at increasing responsibility in the use of information by employees and the introduction of information protection practices in business and government institutions. To achieve these goals, the institute conducts independent research, conducts seminars with leaders of both private and public organizations, and tests information and data protection practices in various companies from different sectors of the economy.
About Varonis.
Today, Varonis is a leading developer and manufacturer of innovative solutions for managing unstructured and partially structured data. The company provides solutions for managing access rights, data usage control, corporate search and private cloud synchronization for data stored on windows / unix / NAS file storage, SharePoint portals, Exchange mail servers and Active Directory. Varonis solutions are installed worldwide, in more than 3,000 companies operating in the fields of finance and healthcare, technology and media, energy and manufacturing, in government and educational institutions.
Source: https://habr.com/ru/post/250107/
All Articles