Thursday, April 27, 2017

Organizations Fail to Maintain Principle of Least Privilege

This is a basic tenet of cybersecurity & I cannot stress enough how important this is to any size organization. Yes, user audits are painful & tedious, but they need to be performed at least annually. Depending on the size of your organization & its turnover, it may even be something to perform on a quarterly basis.

From Security Week:

Organizations Fail to Maintain Principle of Least Privilege

"Security requires that confidential commercial data is protected; compliance requires the same for personal information. The difficulty for business is the sheer volume of data generated makes it difficult to know where all the data resides, and who has access to it. A new report shows that 47% of analyzed organizations in 2016 had at least 1,000 sensitive files open to every employee; and 22% had 12,000 or more.

These figures come from the Varonis 2016 Data Risk Assessments report. Each year Varonis conducts more than 1,000 risk assessments for both existing and potential customers. For its latest analysis of data risk, it has selected, at random, 80 of these assessments. They cover 33 industries in 12 different countries. Forty-two of the organizations have fewer than 1000 employees, and 38 have 1001 or more employees."
