Employees With Execessive Data Access Privileges Pose Threats to Organizations, Study SaysEmployees With Execessive Data Access Privileges Pose Threats to Organizations, Study Says
A new report on corporate data revealed that employees with excessive data access privileges are a growing risk to organizations. How will IT combat this threat going forward?
December 29, 2014
A new Ponemon Institute study on corporate data revealed that employees with excessive data access privileges are a growing risk to organizations.
The study, titled “Corporate Data: A Protected Asset or a Ticking Time Bomb?,” showed that employees with excessive data access privileges represent a growing risk to organizations. However, study researchers also found that despite this danger, many organizations provide unlimited corporate data access to the majority of their employees.
“Data breaches are rampant and increasing. The sheer growth of both digital information and our dependence on it can overwhelm organizations’ attempts to protect their sensitive data,” Dr. Larry Ponemon, founder of the Ponemon Institute, said in a prepared statement. “This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”
Study results included:
76 percent of end users said they believe there are times when it is acceptable to transfer work documents to their personal devices.
73 percent of end users said they believe the growth of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data.
71 percent of end users said they have access to sensitive corporate data.
60 percent of IT practitioners said they believe it is very difficult or difficult for employees to search and find company data or files they or their co-workers have created that are not stored on their own computers.
48 percent of IT practitioners said they either permit end users to use public cloud file sync services or permission to use these services is not required.
The Ponemon Institute study, sponsored by enterprise corporate data software company Varonis Systems (VRNS), included responses from 2,276 employees worldwide.
What can MSPs learn from this study?
Varonis CEO Yaki Faitelson pointed out that the study revealed corporate data access controls and auditing can have far-flung effects on managed service providers (MSPs), their employees and their customers.
“These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners,” he said. “There has been so much focus and investment on protecting the perimeter, but the most fundamental building blocks of security that protect the data inside – access controls and auditing – are often left behind.”
Study researchers also noted creating policies and procedures that highlight the importance of corporate data protection can help MSPs avoid IT security issues.
“Inconsistent messages about productivity and the importance of information security cause confusion among employees as to what their responsibilities are in protecting company data,” researchers wrote in their report. “An organization with a lack of controls and oversight is fertile ground for attacks by or through insiders.”
About the Author(s)
You May Also Like
November's Top 20 Stories: Broadcom-VMware, AI in UCaaS, Google Cloud Shake-UpDec 04, 2023
Digital Transformation 2.0? IT Teams Look Ahead to 2024Dec 05, 2023
Insight-SADA Deal Makes Tony Safoian Richest Man in the ChannelDec 04, 2023
AWS re:Invent Partner, Vendor News: Cisco, Salesforce, MoreDec 01, 2023