STOCK TITAN

Exposed Cloud Data is a $28 Million Cyber Risk for the Average Company

Rhea-AI Impact
(Neutral)
Rhea-AI Sentiment
(Neutral)
Tags
Rhea-AI Summary

Varonis' recent report, The Great SaaS Data Exposure, reveals that businesses face an average of $28 million in data-breach risks due to sensitive cloud data exposure. Analyzing nearly 10 billion cloud objects across 700 companies, findings show that 81% have sensitive data exposed. Furthermore, 157,000 sensitive records are publicly accessible on the internet per company. The report highlights critical vulnerabilities, such as 4,468 user accounts without multi-factor authentication and over half of super admin accounts lacking this security measure.

Positive
  • Report analyzed data risk assessments from over 700 companies.
  • Highlights the importance of cybersecurity measures in SaaS applications.
Negative
  • Average company has 157,000 sensitive records exposed online.
  • Over 4,468 user accounts lack multi-factor authentication, increasing risk.
  • More than half of super admin accounts have no MFA, heightening vulnerability.
  • Companies possess over 40 million unique permissions across SaaS, complicating security management.

“The Great SaaS Data Exposure” report from Varonis analyzes SaaS risk at hundreds of companies, shedding light on the tension between productivity and security

NEW YORK, Oct. 04, 2022 (GLOBE NEWSWIRE) -- The average company with data in the cloud faces $28 million in data-breach risk, according to a new report from Varonis. The Great SaaS Data Exposure examines the challenges CISOs face in protecting data across a growing portfolio of SaaS apps and services such as Microsoft 365, Box, and Okta.

The study highlights how hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyberattacks.

For the report, researchers at Varonis analyzed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide.

Key findings from the Varonis report include:

  • Most companies are sitting on exposed data in the cloud. A whopping 81 percent of organizations had sensitive SaaS data exposed.
  • Companies face dangerous cloud data risks. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk.
  • Broad internal data exposure is a real problem One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximizes damage during a ransomware attack.
  • Missing MFA makes attackers' jobs easier. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data. 
  • Sitting-duck admin accounts leave companies vulnerable. Out of 33 super admin accounts in the average organization, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors.
  • Untenable permission structures pose a big challenge. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.

Get the Report: The Great SaaS Data Exposure

"Cloud security shouldn't be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it's nearly impossible to ensure your data isn't walking out the door," says Brian Vecci, Field CTO, Varonis. "This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible."

Additional Resources

About Varonis 
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient, and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects cyber threats from both internal and external actors by analyzing data, account activity, and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response. Varonis started operations in 2005 and has customers spanning leading firms in the financial services, public, healthcare, industrial, insurance, energy and utilities, technology, consumer and retail, media and entertainment, and education sectors. 

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/ea669b72-a26c-474b-b5d9-594c3177deac

Investor Relations Contact: 
James Arestia 
Varonis Systems, Inc. 
646-640-2149 
investors@varonis.com 

News Media Contact: 
Rachel Hunt 
Varonis Systems, Inc. 
877-292-8767 (ext. 1598) 
pr@varonis.com


FAQ

What is the data breach risk mentioned in the Varonis report for the average company?

The average company faces $28 million in data-breach risk.

How many companies were analyzed in Varonis' SaaS report?

Varonis analyzed data from over 700 companies.

What percentage of organizations had sensitive data exposed according to the report?

81% of organizations had sensitive SaaS data exposed.

How many sensitive records does the average company have exposed to the internet?

The average company has 157,000 sensitive records exposed to everyone on the internet.

What security measure is lacking for many user accounts in the report?

The average company has 4,468 user accounts without multi-factor authentication (MFA) enabled.

What is a major vulnerability of admin accounts highlighted in the report?

More than half of super admin accounts in the average organization do not have multi-factor authentication enabled.

Varonis Systems, Inc.

NASDAQ:VRNS

VRNS Rankings

VRNS Latest News

VRNS Stock Data

5.07B
110.06M
2.14%
101.7%
9.05%
Software - Infrastructure
Services-prepackaged Software
Link
United States of America
NEW YORK