Manufacturers are risking devastating data breaches by giving employees too much access to sensitive files, a new report has warned.
The study from Varonis, which was published yesterday (September 15), “highlights serious problems with the overexposure of data”, said researchers.
It analyzed more than four billion files from 50 organizations to determine the pitfalls organizations in the manufacturing and engineering industries face.
For example, it found that employees can access an average of six million files on their first day on the job, while 44% of organizations left more than 1,000 files open to every employee.
More than one in five left around 10,000 files accessible to every employee.
“That level of exposure is very concerning and shows that the manufacturing sector has a long way to go when it comes to data security,” Matt Locke, technical director at Varonis, told The Daily Swig.
“Overexposed data increases risk dramatically – especially if the information is sensitive,” Locke added.
“Think of it as your blast radius – all the damage an attacker could do if they compromise just one user.
“If an employee who has access to millions of files clicks on a phishing email, a malicious Word document, or falls victim to a zero-day, the results could be devastating.”
Top target
The study, titled ‘2021 Data Risk Report – Manufacturing’ (PDF), states that the manufacturing industry was the fifth most targeted sector in 2020.
And while it has, on average, fewer overall exposed files than other highly targeted industries such as finance and healthcare, it still averaged more than 1,675 exposed sensitive files per terabyte of data.
The report recommends: “For these companies with overexposed sensitive data, limiting open access by enforcing a least privilege model is a critical part of risk reduction.
“Manufacturing companies store above-average amounts of stale sensitive data, which increases their attack surface and inflates storage costs unnecessarily.”
The report’s authors added that, on average, 78% of an organization’s sensitive files are ‘stale’ and could be deleted or archived.
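The two findings above, open access and stale sensitive data, are both things an administrator can measure on their own file shares before buying tooling. The script below is an added example written for this page, not code from Varonis or the report; it assumes a Windows file server (or a UNC path) whose ACLs the caller can read, and the share path, the list of "broad" principals and the two-year staleness window are illustrative choices, not values from the report.

```powershell
# Added example, not code from the Varonis report or The Daily Swig.
# Assumptions: runs with rights to read ACLs under $Root; $Root, the broad-principal
# list and $StaleYears are illustrative and should be adjusted to the environment.
param(
    [string]$Root       = '\\fileserver\engineering',   # assumed share path
    [int]   $StaleYears = 2                              # assumed "stale" threshold
)

# Grants to these principals are what makes data "open to every employee".
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    "$env:USERDOMAIN\Domain Users"     # assumes a domain-joined host
)

$staleBefore = (Get-Date).AddYears(-$StaleYears)
$findings    = New-Object System.Collections.Generic.List[object]

Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $item = $_
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
    } catch {
        return   # unreadable path: skipped here, but worth a manual look
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($BroadPrincipals -contains $who) {
            $findings.Add([pscustomobject]@{
                Path      = $item.FullName
                Principal = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                # Only files get a staleness verdict; folders inherit it from their contents.
                Stale     = (-not $item.PSIsContainer) -and ($item.LastWriteTime -lt $staleBefore)
            })
        }
    }
}

# Explicit (non-inherited) broad grants are where the open access was introduced;
# removing those clears the exposure from everything beneath them.
$explicit = @($findings | Where-Object { -not $_.Inherited })

"{0} objects under {1} are open to a broad principal; {2} explicit grants to fix" -f `
    @($findings.Path | Sort-Object -Unique).Count, $Root, $explicit.Count

$explicit | Sort-Object Path | Format-Table Path, Principal, Rights -AutoSize

# Files that are both open to everyone and untouched for $StaleYears years:
# candidates for archiving or deletion rather than for a permissions rewrite.
$findings | Where-Object { $_.Stale } | Select-Object -ExpandProperty Path -Unique |
    Out-File -FilePath .\open-and-stale.txt
```

Run it once per share and work the explicit-grant list first; an inherited grant on a deep folder disappears as soon as the explicit grant above it is removed, so fixing the parents is both the least work and the biggest reduction in blast radius. The script does not classify content as sensitive; that still needs a separate scan of the files it lists.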
And 56% of companies had more than 500 accounts with passwords that never expire, while 44% had more than 1,000 ‘ghost user’ accounts, inactive but still enabled.
Advice
So what should employees in the industry do to help protect their organization against data leaks?
Speaking to The Daily Swig, Locke said: “The advice is simple – but enacting it can be more difficult.
“CISOs should ensure that data is protected and overexposure kept to a minimum. If an employee doesn’t need access to a file to do their job, they shouldn’t be able to get anywhere near it.”
Locke also warned about the dangers of ‘ghost users’, which can include former employees who still have access to their accounts.
In recent years, there have been a number of cases of disgruntled ex-workers logging into their company account to view or steal data.
There is also danger in inactive and unmonitored accounts, which could be accessed by malicious actors unbeknown to the company.
Locke said: “Organizations should also be aware of the risks posed by ghost users – inactive users and service accounts that remain enabled after employees leave their jobs.
“These accounts allow attackers to brute-force their way into networks and steal data.
“Inactive privileged admin accounts must be removed because they could allow cybercriminals to escalate privileges. Prioritize your data and take steps to lock it down – and keep it secured.”
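The three account-hygiene findings in the report and in Locke's advice (passwords that never expire, enabled ghost users, and inactive privileged accounts) can be checked directly against Active Directory. The script below is an added example for this page, not code from Varonis or the report; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and the caller can read the directory, and the 90-day inactivity window and the list of privileged groups are illustrative choices.

```powershell
# Added example, not code from the Varonis report or The Daily Swig.
# Assumptions: ActiveDirectory module available; $InactiveDays and $PrivilegedGroups
# are illustrative and should match the organisation's own policy.
Import-Module ActiveDirectory

$InactiveDays     = 90
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
$cutoff           = (Get-Date).AddDays(-$InactiveDays)

# 1. Enabled accounts whose password never expires (the report's "500+ per company" finding).
$neverExpires = @(Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true } `
    -Properties PasswordNeverExpires, PasswordLastSet, LastLogonDate)

# 2. Ghost users: enabled user (and user-object service) accounts with no logon in the window.
#    LastLogonDate comes from the replicated lastLogonTimestamp, so one DC gives a usable
#    first pass (it can lag real logons by up to 14 days). Accounts that have never logged
#    on have $null and are included once they are older than the window themselves.
$ghosts = @(Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate, whenCreated |
    Where-Object {
        ($null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff) -and
        $_.whenCreated -lt $cutoff
    })

# 3. Inactive privileged accounts: the ghosts that sit (directly or via nesting) in an
#    admin group. The report says remove these, not merely disable them.
$privilegedSids = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        Select-Object -ExpandProperty SID
}
$inactiveAdmins = @($ghosts | Where-Object { $privilegedSids -contains $_.SID })

"{0} enabled accounts with non-expiring passwords"  -f $neverExpires.Count
"{0} enabled accounts with no logon in {1} days"     -f $ghosts.Count, $InactiveDays
"{0} of those are members of a privileged group"     -f $inactiveAdmins.Count

$inactiveAdmins |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName |
    Format-Table -AutoSize

# Remediation is deliberately left as a dry run for review; drop -WhatIf once the list
# has been checked against HR leavers and known service accounts.
$ghosts | Disable-ADAccount -WhatIf
```

Two caveats a practitioner will hit: group-managed service accounts are separate objects (Get-ADServiceAccount) and are not covered by Get-ADUser, and an account that is inactive because it is a break-glass or scheduled-task identity should be documented and excluded rather than disabled. Disabling first and deleting after a retention period keeps the SID history available for forensics if one of the ghosts turns out to have been used.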
Source: https://portswigger.net/daily-swig/manufacturing-industry-must-limit-internal-data-access-to-prevent-sensitive-leaks-report