Ponemon: 71 Percent of Employees Have Widespread Access to Corporate Data
A new study on corporate data worldwide revealed the majority of employees said they have access to sensitive information, which ultimately could result in data breaches or other IT security problems
A new Ponemon Institute study on corporate data worldwide revealed that the majority of employees said they have access to sensitive information, which ultimately could result in data breaches or other IT security problems.
The study, titled “Corporate Data: A Protected Asset or a Ticking Time Bomb?,” showed that 71 percent of employees said they have unauthorized access to corporate data, and more than half said this access is frequent or very frequent.
“Data breaches are rampant and increasing,” Ponemon Institute Chairman Dr. Larry Ponemon said in a prepared statement. “This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”
Other study results included:
80 percent of respondents said their organizations don’t enforce a strict least-privilege (or need-to-know) data model.
76 percent of end users said their job requires them to access and use proprietary information such as customer data, employee records, financial reports and confidential business documents.
73 percent of end users said they believe the expansion of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data.
68 percent of end users said they believe it is difficult or very difficult to share appropriate data or files with business partners such as customers or vendors.
67 percent of IT practitioners said their organizations have experienced the loss or theft of company data over the past two years, while only 44 percent of end users said they believe this has happened.
The study was sponsored by enterprise data management software provider Varonis Systems (VRNS) and included responses from 2,276 employees in the United States, United Kingdom, France and Germany.
How can businesses protect their corporate data?
Varonis CEO Yaki Faitelson said the study results are “a wake-up call” for businesses that want to protect corporate data both inside and outside their offices.
“There has been so much focus and investment on protecting the perimeter, but the most fundamental building blocks of security that protect the data inside – access controls and auditing – are often left behind,” he said. “Unnecessary access combined with a lack of auditing capability adds up to inevitable disaster.”
Click here for Talkin’ Cloud’s Top 100 CSP list
Study researchers also noted that when permissions management and auditing capabilities are not in place, employees’ excessive access to data and their security negligence are increasingly putting corporate data at risk.
However, a business that prioritizes data protection from top to bottom can eliminate IT security threats, study researchers said.
“If an organization’s leadership does not make data protection a priority, it will be difficult to ensure end users’ compliance with information security policies and procedures,” researchers wrote in their report.
Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].
About the Author
You May Also Like