Alarming Data Collected by Varonis Reveals Why Most Companies Are Easy Prey for Cyberattackers

NEW YORK, March 22, 2016 -- Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today revealed the results of a year of anonymous data collected during risk assessments conducted for potential customers on a limited subset of their file systems. The 2015 results show a staggering level of exposure in corporate file systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.

Varonis DatAdvantage provides full visibility into who can and does access file systems and unstructured data. Varonis Data Classification Framework identifies sensitive and regulated content, like credit card numbers and health records, and maps them to exposures in their host file systems. Even while remediation projects are still in progress, Varonis DatAlert can detect and stop insider threats, unwanted privilege escalations, and ransomware like Cryptolocker.

Of the insights gleaned from dozens of customer risk assessments conducted in mid-to-large enterprises prior to remediation, in a subset of each company’s file systems, Varonis found the average company had:

• 35.3 million files, stored in 4 million folders, meaning the average folder has 8.8 files
• 1.1 million folders, or an average of 28% of all folders, with “everyone” group permission enabled –open to all network users
• 9.9 million files that were accessible by every employee in the company regardless of their roles
• 2.8 million folders, or 70% of all folders, contained stale data -- untouched for the past six months
• 25,000 user accounts, with 7,700 of them or 31% “stale” – having not logged in for the past 60 days, suggesting former employees, employees who changed roles, or consultants and contractors whose engagements have ended

The ‘everyone’ group is a common convenience for permissions when originally set up. That mass access also makes it astonishingly easy for hackers to steal company data.

Some individual companies’ lowlights that were gleaned from the Varonis risk assessments:

• In one company, every employee had access to 82% of the 6.1 million total folders.
• Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
• 50% of another company’s folders had “everyone” group permission, and more than 14,000 files in those folders were found to contain sensitive data.
• A single company had more than 146,000 stale users – accounts whose users had not logged in for the past 60 days.  That’s nearly three times more users than the average FORTUNE 500 company has total employees.

David Gibson, Vice President of Strategy and Market Development at Varonis, said, “Although this data presents a bleak look at the average enterprise’s corporate file system environment, the organizations running these risk assessments are taking these challenges seriously. Most of them have since implemented Varonis, embracing a more holistic view of the data on their file and email systems and closing these gaping, often unseen security holes before the next major breach causes heavy damage. Our software is able to provide a granular look at where sensitive data lives, where it is over-exposed within an organization, who is accessing that data, and how to lock it down. While that remediation process is running, our ability to start detecting and stopping many types of insider threats has been a major revelation for our customers.”

Additional Resources

• For more information on Varonis' solution portfolio, please visit www.varonis.com
• Visit our blog, and join the conversation on Facebook, Twitter, LinkedIn and YouTube.

About Varonis
Varonis is a leading provider of software solutions that protect data from insider threats and cyberattacks. Through an innovative software platform, Varonis allows organizations to analyze, secure, manage, and migrate their volumes of unstructured data. Varonis specializes in file and email systems that store valuable spreadsheets, word processing documents, presentations, audio and video files, emails, and text. This rapidly growing data often contains an enterprise’s financial information, product plans, strategic initiatives, intellectual property, and confidential employee, customer or patient records. IT and business personnel deploy Varonis software for a variety of use cases, including data security, governance and compliance, user behavior analytics, archiving, search, and file synchronization and sharing. With offices and partners worldwide, Varonis had approximately 4,350 customers as of December 31, 2015, spanning leading firms in financial services, healthcare, public, industrial, insurance, energy and utilities, media and entertainment, consumer and retail, technology and education sectors.

News Media Contact:
Sarah Wheble
CTP
617-412-4000 x 227
Email: [email protected]