Using anonymous data collected from the risk assessments it conducted for potential customers in 2015, Varonis says it found a "staggering level of exposure" in corporate systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.
Varonis used data from dozens of customer risk assessments of mid-to-large enterprises. In a subset of each company's file systems, Varonis found the average company had the following:
The company notes that the "everyone" group is a common convenience for permissions when originally set up, but such mass access makes it very easy for attackers to steal company data.
Some of the individual lowlights Varonis discovered include the following:
"Although this data presents a bleak look at the average enterprise's corporate file system environment, the organizations running these risk assessments are taking these challenges seriously," David Gibson, vice president of Strategy and Market Development at Varonis, said in a statement yesterday.
He notes that many of them went on to implement Varonis' platform in an effort to remediate their file system issues.
Varonis put together the infographic belows based on its findings.