Third of organisations lose data as employees abuse access rights

A survey of over 320 IT security professionals has revealed that organisations in the UK have not changed their attitudes to the threat of insider breaches despite the lessons of Wikileaks.

In the survey, 86% could not categorically state that they knew how many sensitive files their organisation had – only 41% had an idea where sensitive files were stored on their networks while 18% admitted they didn’t know.

In fact, less than half (43%) knew which users had access to sensitive files while 32% confessed that their organisation had lost data as a result of people abusing file access rights.

An identical survey was conducted in the US and, while there were similar levels of inadequate awareness and protection of sensitive files, the critical difference is that US IT professionals planned on taking some preventative action.

In the US 82% of survey respondents stated that Wikileaks had forced them to rethink their company’s data security strategy, while in the UK only 32% are giving it a second thought. Additionally 70% of the professionals surveyed in the UK, versus 58% in the US, do not plan to increase the money they invest in data security.

The fact that almost a third of the organisations we spoke to had suffered a data breach indicates the importance of protecting files containing sensitive information. With 80% of all sensitive company data stored in files, and this number is estimated to grow by 60% annually, the problem of unidentified and unprotected files will also grow unless people start to take it seriously.

Effective user rights management and file access monitoring will help organisations not only identify where their sensitive information is located, but also who is accessing it. Only then will they be able to accurately control its use and prevent its abuse.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads Imperva's internationally recognised research organisation focused on security and compliance. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.