A year of anonymous data from risk assessments of corporate file systems reveals that many companies are failing to use permissions to limit access to sensitive data.

New data released yesterday by Varonis Systems, a specialist in insider threat protection, illuminates one reason so many companies are easy prey for cyberattackers: They fail to use permissions to limit access to valuable data.

Using anonymous data collected from the risk assessments it conducted for potential customers in 2015, Varonis says it found a “staggering level of exposure” in corporate systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.

Varonis used data from dozens of customer risk assessments of mid-to-large enterprises. In a subset of each company’s file systems, Varonis found the average company had the following:

- 35.3 million files, stored in four million folders, meaning the average folder has 8.8 files.
- 1.1 million folders, or an average of 28 percent of all folders, with “everyone” group permission enabled, open to all network users.
- 9.9 million files that were accessible by every employee in the company regardless of their roles.
- 2.8 million folders, or 70 percent of all folders, that contained “stale data” that had been untouched for the past six months.
- 25,000 user accounts, with 7,700 of them (31 percent) stale — having not logged in for the past 60 days, suggesting former employees, employees who changed roles or consultants and contractors whose engagements had ended.

The company notes that the “everyone” group is a common convenience for permissions when originally set up, but such mass access makes it very easy for attackers to steal company data.

Some of the individual lowlights Varonis discovered include the following:

- One company in which every employee had access to 82 percent of its 6.1 million total folders.
- Another company which had more than two million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
- Yet another company in which 50 percent of the company’s folders had “everyone” group permission, and more than 14,000 files in those folders were found to contain sensitive data.
- Still another company that had more than 146,000 stale users — nearly three times more users than the average Fortune 500 company has total employees.

“Although this data presents a bleak look at the average enterprise’s corporate file system environment, the organizations running these risk assessments are taking these challenges seriously,” David Gibson, vice president of Strategy and Market Development at Varonis, said in a statement yesterday.

He notes that many of them went on to implement Varonis’ platform in an effort to remediate their file system issues.

Varonis put together the infographic below based on its findings.