Employee Access to Sensitive Files Puts Critical Data at Risk
The Ponemon survey suggested IT practitioners and users agree that the compromise of employee accounts can lead to external data breaches.Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees report that they have access to data they should not see, and more than half (54 percent) say this access is frequent or very frequent, according to a survey commissioned by Varonis Systems and conducted by the Ponemon Institute. Respondents included 1,166 IT practitioners and 1,110 users in organizations ranging in size from dozens to tens of thousands of employees, in a variety of industries including financial services, public sector, health and pharmaceutical, retail, industrial, and technology and software. Findings show 80 percent say their organizations don't enforce a strict least-privilege (or need-to-know) data model. The findings also indicate IT practitioners and users agree that the compromise of employee accounts that can lead to external data breaches are most likely to be caused by insiders with too much access who are frequently unaware of the risks that they present. "One of the most difficult challenges organizations face is achieving a balance between productivity and security. The rise of cloud-based file sync and share services like Dropbox helped productivity but made the security part of the equation even more difficult," David Gibson, vice president of marketing at Varonis, told eWEEK. "The risks associated with having sensitive files living in places the company doesn’t track or regulate, essentially leaving data protection to employees whose main goals are productivity and flexibility, is inherently dangerous."
Half of users and 74 percent of IT practitioners believe that insider mistakes, negligence or malice are frequently or very frequently the cause of leakage of company data.