New study: Excessive employee access rights to confidential information endanger the company and increase risks

Original author: Natalie Rizk
  • Transfer
Excessive access insiders are often the culprits of a data leak, according to a survey of more than 2,000 employees conducted under the auspices of Varonis.


NEW YORK CITY - (Marketwired) - 09/12/2014 - Despite the growing number of data leaks that are widely publicized, 71 percent of employees surveyed said they could access data that they should not see, and more than half said they get such access often or very often.

Today, when more and more attention is paid not only to protection from high-tech external attacks, but also to the role often played by internal vulnerability and negligence, a new poll conducted by Varonis Systems, Inc. Ponemon Institute shows that most organizations find it difficult to find the right balance between the need to protect information and the requirements of employee productivity. Employees with excessive data access rights pose an ever-increasing risk to organizations in terms of random and / or intentional disclosure of confidential data.

The survey report, “Corporate data: protected assets or a time bomb?” Was compiled on the basis of surveys conducted in October 2014 by 2,276 employees of companies in the USA, UK, France and Germany. The respondents included 1166 IT specialists and 1110 end users from organizations with dozens to several thousand employees and operating in various sectors of the economy, including the financial and public sectors, medicine and the pharmaceutical industry, wholesale, manufacturing, technology, and computer development .

Dr. Larry Ponemon, head and founder of the Ponemon Institute, a leading research center for the study of personal data protection and information security policies, commented: “Data leaks are becoming more threatening and frequent. The rapid growth of both the amount of digital information and our dependence on it jeopardizes the efforts of companies to protect their confidential data. This study reveals a very important factor that is often overlooked: company employees have too much access to data, even if they are not needed for work, and when this access is not monitored and not controlled, an attack aimed at accessing employee accounts can have disastrous consequences. ”

Lack of control and data growth slows productivity.

Both IT professionals and end users show a lack of control over the potential access of employees and the actual use of company data. Both groups generally agree that their organizations should reconsider their attitude to security risks until they have an impact on the manufacturing process. Only 22 percent of employees surveyed believe that their organizations generally give sufficient priority to the protection of company data, and less than half of employees believe that their organizations have an effective information protection policy related to access and use of corporate data. Moreover, a sharp increase in the volume of information already negatively affects productivity - it makes it difficult for employees to find relevant data, forcing them to spend time or even create documents anew,

Additional information about data usage control suggests the following:

● 71 percent of users say they have access to corporate data that they should not see

● 54 percent of redundant access holders say they use it often or very often

● 4 out of 5 specialists iT and information security (80 percent) say their organization does not have a policy of limiting the rights of access to data to the minimum necessary by virtue of their duties staff

● Only 22 percent of employees say they are about -organization is able to find the lost files or e-mails

● 73 percent of users believe that the growth in e-mails, presentations, multimedia files and other types of corporate data severely or very severely limits their ability to quickly find and use relevant data.

● 43 percent of users say that it takes weeks or months to gain access to the data they need to work, and only 22 percent say that it usually takes minutes or hours to get it

● 60 percent of IT and information security experts say that it is difficult or very difficult for employees to search and find corporate data or files that they or their colleagues created in a timely manner

● 68 percent of end-users say that it’s difficult or very difficult for them to share the necessary information or files with business partners, such as customers or salespeople,

Survey results also show that IT and information security experts, as well as business users, agree that excessive access by insiders significantly increases risks and can lead to both a decrease in productivity and business problems.
50 percent of business users and 74 percent of IT professionals believe that corporate data leaks are often caused by insider errors, negligence, or malice. Only 47 percent of IT and information security experts believe that their organizations are making enough efforts to protect corporate data.

An analysis of the main causes of data leakage says the following:

● 76 percent of users claim that due to official necessity they need access to customer data, personal files of employees, financial statements and other confidential documents

● 38 percent of users claim that they themselves or their colleagues can access the “data set”, which, in their opinion, they should not be able to access

● Only 47 percent of iT professionals and information security say that the end users in their organizations are taking the right steps to protect corporate data available to them

● 76 percent ntov users believe that in some cases allowed to transfer the working papers on their personal devices, with which agreed only 13 percent of IT professionals and information security

● 49 percent of IT and information security experts say it is unlikely that if they lose documents, files, or mail messages, their organization will be able to find out where they went

● 67 percent of IT and information security experts say that over the past two years Losses or thefts of corporate data have occurred in the organization, but among business users, only 44 percent of employees are aware of such cases

Yaki Faitelson, founder and CEO of Varonis, said: “Such results should seriously puzzle every company that stores information about its customers, employees and business partners, that is, almost any business in the modern world. We see that the protection of the external perimeter has been given a lot of attention and investment, while the fundamental principles of information security and data protection within the organization have often been neglected and are still neglected, although they are no less important. Excessive access combined with a lack of controls over the use of data in total give the inevitability of business losses, and sometimes lead to disastrous consequences. We see that the lack of control and management mechanisms reduces employee productivity,

About the Ponemon Institute.

The activities of the Ponemon Institute are aimed at increasing responsibility for the use of information by employees and the implementation of information protection practices in business and government institutions. To achieve these goals, the institute conducts independent research, conducts seminars with leaders of both private and public organizations, and tests the practice of protecting information and data in various companies from different sectors of the economy.

About Varonis.

Today, Varonis is a leading developer and manufacturer of innovative solutions for managing unstructured and partially structured data. The company provides solutions for access control, data usage control, corporate search and synchronization in a private cloud for data stored on windows / unix / NAS file storages, SharePoint portals, Exchange mail servers and Active Directory. Varonis solutions are installed worldwide, in more than 3,000 companies operating in the fields of finance and healthcare, technology and media, energy and manufacturing, in government and educational institutions.

Also popular now: