"Average Company With Data in The Cloud Faces $28 Million in Data Breach Risk"
According to researchers at Varonis, hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations, such as admin accounts without multi-factor authentication (MFA), have left a dangerous amount of cloud data exposed to insider threats and cyberattacks. The researchers analyzed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. The researchers noted that in the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data breach risk. One out of every 10 records in the cloud is exposed to all employees, creating an impossibly large internal blast radius, which maximizes damage during a ransomware attack. The researchers noted that the average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data. The researchers also found that out of 33 super admin accounts in the average organization, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. The researchers noted that companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk. The researchers stated that cloud security shouldn’t be taken for granted.