While significant insider breaches, such as WikiLeaks, shed light on the importance of file security, most companies don't know the exact number or location of their sensitive files, or who has access to them, according to a survey of more than 150 IT security professionals by data security firm Imperva.
In the survey, an overwhelming majority (82%) of respondents reported that breaches such as WikiLeaks made them reconsider their company's data security policies. However, only 18% of respondents said that they knew the exact number of sensitive files they had, and just 39% could say for sure where those files were located on their servers. Even more startling, 65% of those polled said that they were unsure who has access to these sensitive files.
"Major breaches like WikiLeaks happen because of a lack of effective file security controls," said Amichai Shulman, CTO of Imperva. "With so many respondents unsure of how many sensitive files they have and how accessible they are, it indicates a general lack of control over sensitive data, which increases the likelihood of an insider breach."
In fact, nearly one-third of those polled reported that their company had lost data due to employees abusing access rights, on purpose or by accident. "The first step to a solid data security plan is taking inventory of your sensitive files and knowing where they are and who has access to them at all times," said Shulman. "Only with this complete picture will you be able to guard against insider threat by detecting when sensitive data is being added or removed, or when an employee is improperly accessing files."