Data theft: Restraint in access rights
According to a survey of more than 3,000 employees and IT professionals in the U.S. and Europe, three out of four organizations have been affected by data loss or theft in the past two years, a dramatic increase compared with the 2014 results.
The main cause of the increase in data loss and theft, according to the study, which Varonis Systems commissioned from the Ponemon Institute, is attacks on accounts held by insiders. The situation is further exacerbated by the fact that employees and third parties have far more generous access rights than necessary. Another reason is that many organizations still do not monitor access and activity in their email and file systems, where most confidential and sensitive data resides.
The report "Closing Security Gaps to Protect Corporate Data: A Study of U.S. and European Organizations" was compiled from interviews conducted in April and May 2016 with 3027 employees in Germany, France, the United Kingdom, and the United States. Respondents included 1371 end users and 1656 IT and IT security professionals from companies ranging in size from a few dozen to several tens of thousands of employees, across a range of industries including financial services, public sector, healthcare and life sciences, retail, industrial, and technology and software.
Key findings of the study at a glance:
- Seventy-six percent of IT professionals say their organization has lost data or had data stolen in the past two years. This is a significant increase compared to the 2014 study, when only 67 percent of IT professionals gave this answer.
- According to IT professionals, negligent employee behavior makes the compromise of insider accounts more than twice as likely as other risk factors such as external attackers, malicious employees or suppliers.
- Ransomware is a major concern for 78 percent of IT experts. This is malware that blocks access to files until a certain amount of money is paid as a "ransom". Fifteen percent of the organizations surveyed have already fallen victim to ransomware. Only just under half of them noticed the attack within the first 24 hours.
- 88 percent of end users say they need access to proprietary information such as customer data, contact lists, employee data, financial reports, confidential company documents or other sensitive information to do their job. In 2014, that number was significantly lower at 76 percent.
- Sixty-two percent of end users additionally report being able to access corporate data that is likely not intended for their eyes.
- Only 29 percent of IT professionals confirm that their company rigorously implements the principle of least privilege, so that insiders can access only the corporate data they really need.
- Only 25 percent of companies monitor all employee and third-party email and file activity. In contrast, 38 percent do not monitor these activities at all.
- 35 percent of organizations do not have searchable records of file system activity. As a result, they are unable to determine, for example, which files have been encrypted by ransomware.
Larry Ponemon, Chairman and Founder of the Ponemon Institute: "Despite all the technology available and the huge increase in media reports of hacking attacks, data protection incidents are still on the rise. The most valuable information at stake in most cases is unstructured data such as emails and internal company documents. When emails and files are released, it is most often an incident that permanently damages a company's reputation. This study shows why hackers can cause so much damage: Too many employees can access far more data than is necessary for their job. Furthermore, when activities of employees using valuable data are not documented or monitored, it makes it all too easy for hackers and malicious insiders to steal data undetected."