The State of Data Security 2020
- Published: Wednesday, 04 March 2020 13:25
Lepide has released a report that reveals an alarming insight into the risks facing data security in enterprises across the globe, as well as insight into how unprepared most organizations are to mitigate those risks. In particular, the 2020 State of Data Security Report found that enterprises have, on average, more than 6,500 files containing sensitive data created, and more than 1,600 file server modifications made every day.
The report, which was based on more than 500 Risk Analysis Reports conducted by Lepide over the course of 2019 for customers and potential customers on their critical infrastructure, highlights several key problems that need addressing in the world of data security and compliance, in particular:
- The lack of visibility over where sensitive data is, what sensitive data is being created and which users have access to this sensitive data.
- Large numbers of privileged users with access to sensitive data that should not have or do not need this access.
- Stale and sensitive data that is improperly managed and protected in accordance with compliance standards such as GDPR, HIPAA, PCI, CCPA and more.
- Huge attack surfaces created by inactive users.
- Huge numbers of users with passwords that never expire creating easing hiding places for hackers.
The findings from the report include:
- 71 percent of companies have over 1,600 file server modifications made every day.
- 44 percent of companies have over 100,000 failed logons every day.
- 71 percent of companies have over 1,000 inactive users.
- 31 percent of companies have over 1,000 users with passwords that never expire.
- 91 percent of companies have over 1,000 ‘stale’, sensitive files.
- 77 percent of companies have over 5,000 ‘stale’, sensitive files.
“This report confirms what we have been seeing for years with enterprises of all sizes,” says Aidan Simister, CEO of Lepide. “All too often organizations have struggled to determine where their sensitive data is, who has access to it and what their users are doing with it. Native tools do not provide this insight and many vendors are far too expensive or too complicated to effectively deploy and gleam useful insights from. All it takes is for one file containing sensitive data to be copied outside of the organization for a serious data breach to occur. We hope that this report can raise awareness about how much more visibility is required over data to detect threats, prevent breaches and achieve and maintain compliance standards.”
Read the report (PDF).