Another way Hackers are Sneaking into your Network

On average, every employee has access to over 17 million files 1.21 million folders. — Varonis

Overexposed data is a common security vulnerability. It is crucial to keep access restricted to only those employees who absolutely need it; it’s also vital to manage users, eliminate broken inheritance and permissions inconsistencies, and lock down sensitive data. While access requirements to files and folders are constantly evolving as a natural progression of business--projects and teams come and go, and users join, change roles, or leave the organization. It is imperative to know exactly who uses – and no longer uses – data to remain consistent and precise about reducing access and causing the fewest headaches.

Globally accessible data, meaning groups that allow every individual in the organization to access these folders, puts an organization at high risk from malware and ransomware attacks, and files open to anyone via an anonymous link represent an additional risk. It only takes one click on a phishing email to set off a chain of events that encrypts or destroys all accessible files--and with globally accessible data, that essentially means all files.

IT professionals estimate it takes about 6-8 hours per folder to locate and manually remove global access groups, identify users that need access, create and apply new groups, and finally populate them with the correct users.

Organizations often fail to review what happened prior to a data breach or pay attention to the the early warning signs that could potentially point to an imminent failure that may allow attackers unfettered access to important/sensitive information once they’ve breached the corporate network.

Outdated user permissions and stale accounts are frequent targets for exploitation and malicious use. Varonis reports that more than half of companies have over 1,000 sensitive files that are open to every employee, up from 41% last year. Most attackers target data, but they get to their target by hijacking accounts. Users with unnecessary access to sensitive data present a huge risk to the company, and stale but enabled accounts are an unnecessary security risk. Your IT department should review stale enabled accounts to determine if they are necessary, and delete or disable accounts as needed.

50% of user accounts are stale or “phantom users” — Varonis

Like burglars, hackers frequently look for the easiest and least obvious ways to gain access to a network and start poking around. Phantom users--user and service accounts that are inactive and enabled--are targets for penetration and lateral movement. While phantom accounts can go unnoticed day after day, they still provide access to systems and data, and though stale, these user accounts are one of the best ways for hackers to test the waters, so to speak. These phantom users create network noise that can make security measures more difficult for an organization’s IT department; identifying and eliminating them is an often-overlooked security measure that should be part of an organization’s regular network maintenance, as a part of their overall security protocol. If these accounts are left unmonitored, attackers can steal data or cause disruption without ever being detected - placing an organization at great risk for sensitive data being exposed.

“Today, most CISOs assume that it’s just a matter of time before their security perimeter will be breached, which underscores the importance of data protection,” said Varonis Field CTO Brian Vecci. The level of sensitive data exposure and oversubscribed access that most organizations are living with should set off alarm bells for corporate boards and shareholders.”

Additionally, regulations like GDPR set the stage to penalize companies that fail to protect the personal information that can frequently reside in unsecured files and folders. Despite potentially facing regulatory fines and cybersecurity threats for violations to GDPR and similar regulations, more than half of companies have over 1,000 exposed, sensitive files

There are several best practices that have been identified and reported by Varonis in order to help keep your network safe from stale user accounts and permissions.

• Identify and remediate global access groups that grant access to sensitive and critical data
• Ensure that only appropriate users retain access to sensitive, regulated data
• IRoutinely run a full audit of your servers, looking for any data containers (folders, mailboxes, SharePoint sites, etc.) with global access groups applied to their ACLs
• Replace global access groups with tightly managed security groups
• Start with the most sensitive data and test changes to ensure issues do not arise

It has become quite clear that the future will bring about more accountability for data protection and privacy for businesses; any organization that is not currently on top of their users and accessibility, and fast. It may be an uphill battle for an organization that is overwhelmed by the volume of data to review or doesn’t know where to start. For an organization in this situation, having a risk assessment to learn how potential attackers could exploit the weaknesses in their network, allowing them to prioritize their remediation plans and shore up their defenses.