The Insiders' Risk
Answers to a rhetorical questions - do most organizations are having difficulty balancing the need for improved security with employee productivity demands. Well, yes!
A report, "Corporate Data: A Protected Asset or a Ticking Time Bomb?" is derived from interviews conducted in October 2014 based on survey commissioned by Varonis Systems, Inc. and conducted by the Ponemon Institute surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what the This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences."
key findings on control and oversight include:
- 71 percent of end users say that they have access to company data they should not be able to see.
- 54 percent of those end users who have access they shouldn't characterize that access as frequent or very frequent.
- 4 in 5 IT practitioners (80 percent) say their organizations don't enforce a strict least-privilege (or need-to-know) data model.
- Only 22 percent of employees say their organization is able to tell them what happened to lost data, files or emails.
- 48 percent of IT practitioners say they either permit end users to use public cloud file sync services or permission is not required.
- 73 percent of end users believe the growth of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data.
- 43 percent of end users say it takes weeks, months or longer to be granted access to data they request access to in order to do their jobs, and only 22 percent report that access is typically granted within minutes or hours.
- 60 percent of IT practitioners say it is very difficult or difficult for employees to search and find company data or files they or their co-workers have created that isn't stored on their own computers.
- 68 percent of end users say it is difficult or very difficult to share appropriate data or files with business partners such as customers or vendors.