Average company exposed to US$28m in data breach risk

The average company with data stored in the cloud has 157,000 sensitive records exposed to the internet, representing US$28 million in data breach risk, according to research from Varonis.

An evaluation of nearly 10 billion cloud objects covered by more than 700 real-world risk assessments of production software-as-a-service (SaaS) environments found that sensitive data is often exposed to the public due to SaaS sharing features.

Meanwhile, one in 10 records stored in the cloud is exposed to all employees, and the average company has nearly 4500 user accounts without multi-factor authentication (MFA) enabled, creating an even greater attack surface.

Even among the average of 33 super admin accounts that exist within the average organisation, more than half did not have MFA enabled.

Another headache for security and IT teams is the fact that companies have more than 40 million unique permissions across SaaS applications, the research found.

Varonis CTO Brian Vecci said the findings demonstrate the danger of taking cloud security for granted.

"When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it's nearly impossible to ensure your data isn't walking out the door," he said.

"This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible."

Image credit: iStock.com/anyaberkut