Wednesday, April 4, 2018

Sleeping with the enemy

Companies and institutions invest an increasing percentage of their budget in securing their digital perimeter to protect themselves from the growing number of attacks and external threats. But have we considered what happens if we raise huge walls to protect ourselves from the outside while our enemy is already inside and is part of our organization?


That is the question posed by the authors of the Global Data Risk Report prepared by Varonis, and while we do not know whether the answers can be described as surprising, they are certainly worrying. The study shows that, as happened in Troy, most organizations are so concerned about their digital perimeter that they forget the need to maintain a minimum level of internal protection for their information, to prevent it from circulating freely or falling into the wrong hands.

The report presented by Varonis is based on the analysis of the file systems of its actual or potential clients (about 130 companies) and focuses on the different risks that a company with an acceptable level of digitization currently has to face: security breaches, internal threats (what we want to highlight today) and external attacks, such as ransomware.

If we break down the study's data, the picture of how corporate systems and networks are protected against their own employees is bleak: 21% of the folders with information are accessible to all the employees, and 58% of the big companies analyzed have at least 100,000 folders that can be consulted by anyone.

It is also notable that 54% of the information stored by the companies is obsolete, so many resources are dedicated to protecting data that actually has no value and could have been eliminated, which would reduce not only the load on cybersecurity equipment but also the maintenance and operating costs of the infrastructure. In addition, 34% of the users included in these systems are also outdated, and many of them are former employees who could have access to the information.

Let's focus on another fact that will surely surprise many infosec professionals: 46% of the companies analyzed have at least 1,000 users whose passwords never expire or have never been renewed, a clear Achilles heel in the defense of stored information, even more so if we take into account that 41% of companies have at least 1,000 files with sensitive information available to any user with access to the system.

We have already discussed several times that any defense is only as strong as its weakest link, so we believe this study is especially useful for making us reflect on the importance of cleaning our own house and putting it in order. If we do not, we can feel safe ... without knowing that we are sleeping with our enemy.
