Lack of surprise over poor security

Research conducted by Varonis Systems found that over 50% of IT security professionals are not surprised that end users have access to more company data than they should have.

  • 9 years ago Posted in

The survey, undertaken recently at the largest security conferences in Europe and the U.S., Infosecurity Europe in London and RSA Conference in San Francisco, followed a Ponemon Institute study that revealed 71% of end users say they have access to company data that they should not see. In the more recent survey, 17% of respondents said they believe the true number is actually higher.


According to the latest Varonis findings, 59% of respondents were not surprised that more than three-quarters of employees claimed their organisations couldn’t tell them what happened to lost data, files or emails. A further 21% said they believe the number to be worse than this. These results demonstrate organisations’ inability to keep their data secure, with the likelihood of a breach high and the potential for damage significant. When a breach does occur, either due to an attacker that has gotten inside or an employee leaving with sensitive information, organisations would not be able to assess the scope of damage, determine where their data has gone, who took it and when, and would most likely not notice the theft for weeks or months, if ever.


“It is scary to think that this many people consider it normal for employees to have access to data that they shouldn’t have and for companies to not know where their missing data has gone,” said David Gibson, VP at Varonis. “Data doesn’t need to be missing in order to be stolen. Most organisations don’t track or analyse user activity on their unstructured data, and this makes it far too easy for an insider or an attacker that has gotten inside to steal data without being noticed. Without the proper controls around unstructured data, companies are leaving themselves open for all types of trouble. Organisations and their IT departments must – at the very least – start watching and analysing user activity to spot unusual or unwanted behaviour. It’s just too easy to breach the perimeter of a network and there are so many people already inside. Practically speaking, with all the cloud services, mobile devices, remote employees and contractors, there is no perimeter anymore. We need to focus on the data assets that need protecting – making sure we understand where it’s stored, that only the right people have access, and that we can track and analyse use to spot abuse.”

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...