In 2015, the average company had roughly 9.9 million files accessible to every employee regardless of their roles.
Varonis collected a year's worth of anonymous data from dozens of customer risk assessments conducted in mid-to-large companies in various sectors. The data was collected during risk assessments for potential customers on a limited subset of their file systems.
On average, 28 percent of all folders (1.1 million) had the ‘everyone’ group permission enabled and were open to all network users. The ‘everyone’ group refers to permissions as originally set up, which makes it very easy for hackers to steal company data.
It was discovered that 70 percent of all folders contained stale data that hadn't been touched in six months. Thirty-one percent of 25,000 user accounts had not logged in for the past 60 days, suggesting that they belonged to former employees, employees who had changed roles, or consultants and contractors whose engagements had ended.
One of the companies had over two million files containing sensitive data (credit card, social security or account numbers) that everyone in the company was able to access. Half of another company's folders had the ‘everyone’ group permission and more than 14,000 files in those folders contained sensitive data.
David Gibson, VP of strategy and market development at Varonis, said, “Although this data presents a bleak look at the average enterprise's corporate file system environment, the organisations running these risk assessments are taking these challenges seriously. Most of them have since implemented Varonis, embracing a more holistic view of the data on their file and email systems and closing these gaping, often unseen security holes before the next major breach causes heavy damage.”