Employees of companies in the financial sector have access to almost 11 million sensitive files from their first day of work, and 20 million in the case of larger companies. This is one of the findings of the 2021 Data Risk Report from Varonis, an American information security company.
According to the survey, these numbers represent an average of 13% of the company’s total files. “This means that even the employees of the smallest companies have unrestricted freedom to view, copy, move, change and delete data from more than half a million files – including almost 20% of all files containing confidential employee and customer data. The number of files exposed doubles as the size of the company increases; the largest financial services organizations average more than 20 million open files for each employee”.
The study was carried out based on the analysis of 4 billion files from 56 different financial entities (banks, investors and insurance companies) and aims to analyze the main threats, trends and specific solutions for the sector.
Varonis researchers believe that the rapid (and forced) transition to working from home, caused by the global pandemic of the new coronavirus (COVID-19), is one of the main factors behind these numbers.
“The abrupt nature of this transition has forced many companies to enter the cloud without the proper preparation for cybersecurity, inadvertently increasing their attack surface as employees connect through insecure networks and home computers. The risk increases exponentially when companies have obvious gaps, such as passwords that never expire and folders containing confidential data open to all employees,” they write.
The survey also covered password usage and management practices. About 59% of the companies analyzed have more than 500 passwords that never expire, and almost 40% have more than 10,000 ghost users. Another finding is that data leakage costs for companies in this sector are among the highest in the entire industry, at almost $6 million.
According to the researchers, the transition to remote work must be made safely, with access to sensitive data blocked to avoid the risk of unwanted incidents: “Mobilization without security controls exponentially increases the risk represented by internal attacks, malware and ransomware and exposes companies to possible non-compliance with regulations such as GDPR and others.”
Source: Varonis 2021 Data Risk Report.
See the original post at: https://thehack.com.br/funcionarios-do-mercado-financeiro-tem-acesso-a-uma-media-de-11-milhoes-de-arquivos-da-empresa/?rand=48873