Study Finds New Employees Immediately Given Access to Millions of Files

A new report demonstrates that the size of the problem for financial services created by the COVID-related switch to remote working can only be solved by automation.

Data protection firm Varonis analyzed a dataset of 4 billion files in 56 financial services companies. It found that all new employees immediately had access to an average of 10 million files -- which was nearer 20 million in the larger companies. This is a security issue in itself -- but one that is made worse by the dramatic and forced switch to working from home by international pandemic lockdowns. All companies -- not just financial services -- were required to step into the cloud without adequate preparation. 

"Mobilizing without proper security controls," warns Varonis in its latest study on financial services, "exponentially increases the risk posed by insiders, malware, and ransomware attacks, and opens companies up to possible non-compliance with regulations such as SOX, GDPR, and PCI."

Detailed analysis of the files available to staff working remotely or from home shows home workers have unrestricted freedom to view, copy, move and change data to almost 20% of all files containing sensitive employee and customer data. On average, Varonis finds that every financial services organization has approximately 20,000 folders exposed to every employee per terabyte of stored data.

"It takes IT professionals an estimated 6–8 hours per folder to locate and manually remove global access, meaning it would take years to remediate these folders manually," says Varonis -- something that is impossibly tedious and time-consuming without automation.

The current inadequately secured global access results in a series of threats to financial services organizations. A single successful phishing attack against an employee could result in a corporate compromise. According to the IBM Cost of a Data Breach Report 2020, "The average tim ..