Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Excessive Employee Access Privileges Expose Corporate Data to Risk: Survey

A recent report from the Ponemon Institute underscores the challenges businesses face when they trying to secure user access to data.

A recent report from the Ponemon Institute underscores the challenges businesses face when they trying to secure user access to data.

According to a survey of 2,276 employees (1,166 IT pros and 1,110 end users) from organizations in the U.S., U.K., France and Germany, 71 percent of end users said they had access to data they should not see, and more than half (54 percent) said this access is either frequent or very frequent.

Some 80 percent of the IT pros said their organization does not enforce a strict least-privilege data model, and only 47 percent of the 1,166 IT professionals said end users in their organizations are taking appropriate steps to protect company data accessed by them. What’s more, only 22 percent of both groups felt their organization placed a very high priority on protecting critical information.

“Employees are often left with needlessly excessive data access privileges and loose data-sharing policies,” according to the report. “Compounding the risk, organizations are unable to determine what happened to data when it goes missing, indicating a lack of monitoring and further absence of controls. This presents a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.”

“Data breaches are rampant and increasing,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in a statement. “The sheer growth of both digital information and our dependence on it can overwhelm organizations’ attempts to protect their sensitive data. This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”

Seventy-six percent of end users in the survey, which was sponsored by Varonis, believe there are times when it is acceptable to transfer work documents to their personal devices, while only 13 percent of the IT practitioners agree. In addition, 49 percent of IT practitioners say it is not likely or there is no chance that when documents, files or emails are lost or change unexpectedly, the organization will be able to assess what happened to them. 

“End users choose convenience,” according to the report. “The most popular way of sharing company data or files with co-workers is by email. Fifty-six percent of IT practitioners and 52 percent of employees say they prefer email…Both groups also say it is very difficult or difficult to share company data or files with business partners.”

“These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners, which means almost any business or institution in today’s world,” Yaki Faitelson, Varonis Co-Founder and CEO, said in a statement.

Advertisement. Scroll to continue reading.

“Unnecessary access combined with a lack of auditing capability adds up to inevitable disaster,” he added.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...