Varonis reveals why most companies are easy prey for cyber attackers

Varonis Systems, Inc., a leading provider of software solutions that protect data from insider threats and cyberattacks, today revealed the results of a year of anonymous data collected during risk assessments conducted for potential customers on a limited subset of their file systems. The 2015 results show a staggering level of exposure in corporate file systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.

Of the insights gleaned from dozens of customer risk assessments conducted in mid-to-large enterprises prior to remediation, in a subset of each company’s file systems, Varonis found the average company had:

  • 35.3 million files, stored in 4 million folders, meaning the average folder has 8.8 files
  • 1.1 million folders, or an average of 28% of all folders, with “everyone” group permission enabled –open to all network users
  • 9.9 million files that were accessible by every employee in the company regardless of their roles
  • 2.8 million folders, or 70% of all folders, contained stale data — untouched for the past six months
  • 25,000 user accounts, with 7,700 of them or 31% “stale” – having not logged in for the past 60 days, suggesting former employees, employees who changed roles, or consultants and contractors whose engagements have ended

The ‘everyone’ group is a common convenience for permissions when originally set up. That mass access also makes it astonishingly easy for hackers to steal company data.

Some individual companies’ lowlights that were gleaned from the Varonis risk assessments:

  • In one company, every employee had access to 82% of the 6.1 million total folders.
  • Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.
  • 50% of another company’s folders had “everyone” group permission and more than 14,000 files in those folders were found to contain sensitive data.
  • A single company had more than 146,000 stale users – accounts whose users had not logged in for the past 60 days.  That’s nearly three times more users than the average FORTUNE 500 company has total employees.

David Gibson, Vice President of Strategy and Market Development at Varonis, said, “Although this data presents a bleak look at the average enterprise’s corporate file system environment, the organisations running these risk assessments are taking these challenges seriously. Most of them have since implemented Varonis, embracing a more holistic view of the data on their file and email systems and closing these gaping, often unseen security holes before the next major breach causes heavy damage. Our software is able to provide a granular look at where sensitive data lives, where it is over-exposed within an organisation, who is accessing that data, and how to lock it down. While that remediation process is running, our ability to start detecting and stopping many types of insider threats has been a major revelation for our customers.”

Varonis DatAdvantage provides full visibility into who can and does access file systems and unstructured data. Varonis Data Classification Framework identifies sensitive and regulated content, like credit card numbers and health records, and maps them to exposures in their host file systems. Even while remediation projects are still in progress, Varonis DatAlert can detect and stop insider threats, unwanted privilege escalations, and ransomware like Cryptolocker.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Videx

Videx Unveils the ERA23V

Videx has launched the ERA23V, a sleek and innovative video entry panel designed to redefine door entry and access control.
The Role of AI Gateway Devices

From the Expert – The Role of AI Gateway Devices

AI gateway devices bridge legacy security cameras and cloud platforms, enabling real-time analytics, hybrid storage, and compliance…
Cover Story - Empowering the Mobile Workforce with HID

Cover Story – Empowering the Mobile Workforce with HID

HID presents the latest in portable readers, depicting a modern world where secure access moves with you…
access control integration

HID Redefines Physical and Digital Security Integration

HID announced the launch of HID Integration Service, a platform that integrates physical security, cybersecurity and digital identity…
Image provided by SentinelOne

SentinelOne to Spotlight AI-Power at GISEC 2025

SentinelOne announces its participation at GISEC Global 2025 (6-8 May) at the Dubai World Trade Centre. The company will highlight..
Image provided by ASSA ABLOY

Flexible access management

Powering digital access with energy-harvesting technology frees organizations from wiring and even batteries. However…
Scroll to Top