
Excessive Employee Access Privileges Expose Corporate Data to Risk: Survey

A recent report from the Ponemon Institute underscores the challenges businesses face when they try to secure user access to data.

According to a survey of 2,276 employees (1,166 IT pros and 1,110 end users) from organizations in the U.S., U.K., France and Germany, 71 percent of end users said they had access to data they should not see, and more than half (54 percent) said this access is either frequent or very frequent.

Some 80 percent of the IT pros said their organization does not enforce a strict least-privilege data model, and only 47 percent of the 1,166 IT professionals said end users in their organizations are taking appropriate steps to protect company data accessed by them. What’s more, only 22 percent of both groups felt their organization placed a very high priority on protecting critical information.

“Employees are often left with needlessly excessive data access privileges and loose data-sharing policies,” according to the report. “Compounding the risk, organizations are unable to determine what happened to data when it goes missing, indicating a lack of monitoring and further absence of controls. This presents a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.”

“Data breaches are rampant and increasing,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in a statement. “The sheer growth of both digital information and our dependence on it can overwhelm organizations’ attempts to protect their sensitive data. This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”

Seventy-six percent of end users in the survey, which was sponsored by Varonis, believe there are times when it is acceptable to transfer work documents to their personal devices, while only 13 percent of the IT practitioners agree. In addition, 49 percent of IT practitioners say it is not likely or there is no chance that when documents, files or emails are lost or change unexpectedly, the organization will be able to assess what happened to them. 

“End users choose convenience,” according to the report. “The most popular way of sharing company data or files with co-workers is by email. Fifty-six percent of IT practitioners and 52 percent of employees say they prefer email…Both groups also say it is very difficult or difficult to share company data or files with business partners.”

“These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners, which means almost any business or institution in today’s world,” Yaki Faitelson, Varonis Co-Founder and CEO, said in a statement.

“Unnecessary access combined with a lack of auditing capability adds up to inevitable disaster,” he added.
