Manufacturers leaving sensitive data at risk

The manufacturing sector is leaving itself open to significant hidden security risks by failing to limit employees’ access to potentially sensitive data, new research from Varonis suggests.

A random sample of data risk assessments from 50 manufacturing companies found that on average nearly one out of every five files stored by the sector are open to all employees.

Every employee can access on average 6 million files from their first day on the job, the research found. Around 40% of organisations have at least 1000 sensitive files open to every employee.

Larger companies are twice as exposed, with employees at firms with more than 1500 workers able to access over 12 million files — one in 10 of which are sensitive.

Sensitive data can include intellectual property, employee data, manufacturing and supply chain information, product development documentation, and marketing plans.

Meanwhile manufacturing companies continue to have poor visibility into their user accounts. Around 44% of companies have more than 1000 active ghost user accounts available, and more than half of companies have over 500 accounts that use passwords which never expire.

“Manufacturers hold sensitive and incredibly valuable data that put them at risk. And as we saw with WannaCry, DarkSide and so many other attacks, ransomware can stop production lines and halt businesses,” Varonis technical director Matt Lock said.

“All too often, information is overexposed and underprotected. To limit the damage attackers can do, you must reduce your blast radius.”

Image credit: ©stock.adobe.com/au/Sashkin