Dec 9, 2014

New Study: Widespread Employee Access to Sensitive Files Puts Critical Data at Risk

Insiders With Too Much Access Are Most Likely the Cause of Data Leakage, Reports Varonis-Sponsored Survey of More Than 2,000 Employees

NEW YORK, NY -- (Marketwired) -- 12/09/14 -- Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent.

As attention shifts from sophisticated external attacks to the role that internal vulnerability and negligence often play, a new survey commissioned by Varonis Systems, Inc. and conducted by the Ponemon Institute suggests that most organizations are having difficulty balancing the need for improved security with employee productivity demands. Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.

The survey report, "Corporate Data: A Protected Asset or a Ticking Time Bomb?" is derived from interviews conducted in October 2014 with 2,276 employees in the United States, United Kingdom, France, and Germany. Respondents included 1,166 IT practitioners and 1,110 end users in organizations ranging in size from dozens to tens of thousands of employees, in a variety of industries including financial services, public sector, health & pharmaceutical, retail, industrial, and technology and software.

Dr. Larry Ponemon, Chairman and Founder of The Ponemon Institute, a leading research center dedicated to privacy, data protection and information security policy, observed, "Data breaches are rampant and increasing. The sheer growth of both digital information and our dependence on it can overwhelm organizations' attempts to protect their sensitive data. This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences."

Lack of Control, Data Growth Hampering Productivity

Both IT practitioners and end users are witnessing a lack of control over employee access and use of company data, and the two groups generally concur that their organizations would overlook security risks before they would sacrifice productivity. Only 22 percent of employees surveyed believe their organizations as a whole place a very high priority on the protection of company data, and less than half of employees believe their organizations strictly enforce security policies related to use of and access to company data. Further, the proliferation of business data is already negatively impacting productivity -- making it harder for employees to find data they truly need and should be able to access, and to share appropriate data with customers, vendors and business partners.

Other key findings on control and oversight include:

Uncovering Internal Vulnerability

The findings also convey that both IT practitioners and end users agree that the compromise of employee accounts that can lead to external data breaches are most likely to be caused by insiders with too much access who are frequently unaware of the risks that they present. 50 percent of end users and 74 percent of IT practitioners believe that insider mistakes, negligence or malice are frequently or very frequently the cause of leakage of company data. And only 47 percent of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access. When permissions management and auditing capabilities are not in place, employees' excessive access to data and their negligence for security are increasingly putting company data at risk.

Other key findings on root causes of data breaches include:

Yaki Faitelson, Varonis Co-Founder and CEO, said, "These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners, which means almost any business or institution in today's world. There has been so much focus and investment on protecting the perimeter, but the most fundamental building blocks of security that protect the data inside -- access controls and auditing -- are often left behind. Unnecessary access combined with a lack of auditing capability adds up to inevitable disaster. Now we see that lack of control and oversight is impacting employee productivity as well, as they struggle to find and get access to data and share it easily and securely with business partners. Varonis is helping thousands of organizations around the world address these challenges in ways that not only reduce risk dramatically but actually improve productivity and efficiency at the same time."

Further Information
For a full copy of the study, go to http://www.varonis.com/research/why-are-data-breaches-happening . For more information on Varonis' solution portfolio, please visit www.varonis.com, visit our blog, and join the conversation on Facebook, Twitter, LinkedIn, YouTube.

About the Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit http://www.ponemon.org.

About Varonis
Varonis Systems, Inc. (NASDAQ: VRNS), is the leading provider of software solutions for unstructured, human-generated enterprise data. Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. This data often contains an enterprise's financial information, product plans, strategic initiatives, intellectual property and numerous other forms of vital information. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration. As of September 30, 2014, Varonis had approximately 3,000 customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities, technology, consumer and retail, education and media & entertainment sectors.

PDF Attachment Available: http://www.varonis.com/research/why-are-data-breaches-happening/ponemon-infographic.pdf

News Media Contact:
Natalie Rizk
CTP
617-412-4000 x227
nrizk@ctpboston.com

Source: Varonis Systems, Inc.

News Provided by Acquire Media