All posts by Rachel Hunt

Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats?

Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much at stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity?

We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out.

Dreading Data Loss: What Are Executives’ Top 3 Cybersecurity Concerns?

Corporate executives share the same concerns as their security teams. When asked to name the top three cybersecurity concerns facing their organizations, both groups cited data loss and data theft/exfiltration as their top two concerns.

However, the two groups differed when naming their third main concern. The cybersecurity/IT pros focused on ransomware like 2017’s WannaCry, which cost organizations an estimated $4 billion in total damages in its wake. The C-Suite group was concerned with risks stemming from data alteration – an act of sabotage by changing critical information, such as code for an automated assembly line.

What Types of Data are Executives Most Concerned with Protecting?

An almost unbelievable 9.7 billion data records have been lost or stolen since 2013. Many of these were consumer accounts – everything from account information, email addresses, phone numbers, personal identifying information and more. When asked what type of data they were most concerned with protecting, both C-Suite executives and cybersecurity/IT pros prioritized customer or patient data and intellectual property. However, the C-Suite executives named protecting employee data over financial data as their third biggest data concern.

Business Impact of Data Breaches

When asked which business issues were affected by cybersecurity, both groups listed the same top three concerns, but in a different order. Cybersecurity/IT pros highlighted brand perception as their top business issue, while the financial-focused C-Suite named costs associated with breach (recovery, regulatory fines, etc.) as their top business issue.

Grading the Security Experts

Cybersecurity/IT folks are a confident bunch: 96% agreed with the statement “My organization’s IT/security planning and approach is aligned with organizational risks and objectives.” The C-Suite group, however, wasn’t as generous in doling out high marks: only 73% agreed. The results suggest that there’s more (team)work to be done to ensure both groups are united in fighting the same battle.

Moving the Cybersecurity Needle

C-Suite members were less likely to agree that their organization is making headway on improving their cybersecurity stance: 69% agreed with the statement “My organization is making measurable progress when it comes to cybersecurity.” The cybersecurity/IT respondents were far more optimistic, with 91% agreeing with this statement. With high-profile breaches hitting some of the largest companies around the world, executives may be more likely to feel like they’re treading water.

Speak Up, Security Pros

The vast majority – 94% of cybersecurity/IT experts – believe their company’s leadership team acts on their advice when it comes to security threats. Not so fast, say the executives: Only 76% report they take input and guidance from their IT and security staff regarding cybersecurity threats. Their responses suggest that security teams and IT pros could benefit from more face time, if not a seat at the executive table.

Quantifying the Cybersecurity Investment

According to Cybersecurity Ventures, spending on products and services will surpass $1 trillion over the next five years. We asked the C-suite and security/IT pros if they could quantify how their cybersecurity measures affected their business. Only 68% of the C-Suite group agreed, while 88% of the cybersecurity/IT group agreed – suggesting that executives need more information on how their cybersecurity investment and efforts are making a quantifiable impact on their company’s bottom line.

Data breaches and security missteps continue to keep C-level executives pacing in their corner offices. Factor in a new crop of data privacy regulations, from the GDPR to the California Consumer Privacy Act, and you’ve got concerned leaders worrying if the next big breach or lawsuit will hit their company – and potentially send them packing. Cybersecurity and IT pros have room to step up and be heard.

 

5 Cybersecurity Concerns of Industry Insiders

We asked professionals attending two of the world’s biggest cybersecurity conferences – RSA in San Francisco and Infosecurity in London – five questions to gauge their opinions and attitudes about current issues and concerns on everything from GDPR and the Facebook data scandal to cloud security. Read on to discover what we found after surveying folks who live and breathe security every day.

Question 1: Should the U.S. and/or individual states standardize data privacy laws (including the right to be forgotten)?

Companies around the world scrambled to locate and lock down their data as the highly anticipated EU GDPR deadline arrived on May 25, 2018. EU citizens welcomed the GDPR, gaining control of their data and flexing their data privacy muscles. For the first time, consumers could demand companies locate and delete their personal information with the GDPR’s “right to be forgotten” policy.

The GDPR deadline brought a wave of “privacy policy warning” pop-ups. Websites big and small updated their privacy policies to accommodate the new guidelines to cover their bases. While many organizations are still figuring out what it takes to comply, some U.S. states, such as California, are getting a serious case of GDPR envy and crafting data privacy laws modeled after the EU legislation. This is only the beginning and more states will likely follow with laws of their own.

Our survey found that 90% of cybersecurity professionals believe the U.S. and individual states should standardize data privacy laws. New data laws could be game changers for organizations of all sizes: Most companies are not equipped to handle the influx of consumer requests and meet their new data obligations under these new laws.

Question 2: In the wake of the Facebook/Cambridge Analytica news, will you continue to use Facebook?

When Facebook and Cambridge Analytica were caught red-handed harvesting and misusing personal data of 87 million users – in violation of its own terms and conditions – some expected a backlash against the social media giant.

Despite the recent controversy, 54% of security pros plan to continue to use Facebook. However, many may be starting to think before they “like,” or delete accounts entirely, with 42% of security pros stating they’ve stopped using Facebook (21%) or don’t use Facebook (21%).

Question 3: Where would your organization’s proprietary information and customer data be best protected from insider threats and cyberattacks?

While “cloud” is one of the biggest security buzzwords of 2018, the reality is most organizations follow a hybrid model and store their data both on-premises and in the cloud.

Recent attacks have shown that organizations can’t put all their eggs in the cloud basket and trust that their data is safe. For example, unsuspecting administrators from companies like FedEx, the Republican National Committee and Accenture all left important data exposed on Amazon Web Services S3 buckets – demonstrating that the cloud is still vulnerable when basic security principles aren’t followed.

Got cloud? Not so fast: 40% of respondents believe their data is best protected from insider threats and cyber attacks in on-premises data stores. 23% of cybersecurity professionals believe their organization’s proprietary data is safest in cloud data stores. 34% of respondents said it doesn’t matter where data is stored.

Question 4: Does your organization keep Bitcoin in reserve to pay off attackers?

When the cold, hard (digital) cash became hackers’ preferred payment method after hitting victims with ransomware, companies started to stockpile Bitcoin for fast access to get their data back – or were they?

Following the monumental WannaCry ransomware attack, which cost organizations around the world (by some estimates) nearly $4 billion in losses, organizations aren’t seeing the need to save the controversial cryptocurrency for a rainy day. The vast majority — 84% of respondents — stated that their organization doesn’t keep Bitcoin on hand. Just 13% of cybersecurity professionals are saving Bitcoin for a possible attack.

Question 5: Is your organization better at protecting itself from cybersecurity threats than it was one year ago?

A lot can happen in a year: a plethora of social media breaches, a continued surge in cloud migrations, the introduction of several new data-privacy laws, and more. According to respondents, more than half (64%) believe they are in better cybersecurity shape than last year, while 16% say they’re doing about the same at warding off attacks.

Are organizations overly confident in their security? Some companies may be overdue for a reality check: Earlier this year, we found that 58% of organizations have more than 100,000 folders open to all employees – putting them at risk from insider attacks, ransomware and other threats.

Is your organization at risk? Contact us today for a free Data Risk Assessment.

58% of organizations have more than 100,000 folders open to all employees

Like a wardrobe malfunction during a live broadcast, no one wants to be overexposed – especially when it comes to your data.

The surprising truth: most companies go about their business blithely unaware that some of their most sensitive data is wide open. And by “some” we mean a lot. In fact, our latest research shows that 41% of organizations had at least 1,000 sensitive files open to all employees.

As we know, it only takes one leaked file to cause a headline-making data breach. We’ve seen how one unpatched server can lead to a disaster; a single “unpatched” folder filled with sensitive files can be just as disastrous — and it doesn’t take an expert or sophisticated code to exploit it.

That’s where Varonis Data Risk Assessments come in. Every year, Varonis conducts thousands of risk assessments for companies around the globe. Using the Varonis Data Security Platform (DSP), we identify where sensitive and regulated data resides, show what’s overexposed and vulnerable, and provide actionable recommendations to increase your data security posture. Think of a Data Risk Assessment as a reality check on your data – that friend who tells you you’ve got a button undone. And they’re free (but more on that later).

We examined a random sample of Data Risk Assessments to understand just how exposed companies really are when it comes to their critical data. The results are now available in Data Under Attack: 2018 Global Data Risk Report from the Varonis Data Lab.

Findings from the report include:

  • 58% of organizations have more than 100,000 folders open to all employees
  • 21% of folders were accessible to every employee
  • 41% had at least 1,000 sensitive files open to all employees
  • On average, 54% of an organization’s data was stale, which adds to storage costs and complicates data management
  • On average, 34% of user accounts are enabled, but stale, “ghost” users who still have access to files and folders
  • 46% of organizations had more than 1,000 users with passwords that never expire

Read the full report Data Under Attack: 2018 Global Data Risk Report from the Varonis Data Lab.

Did we mention Data Risk Assessments are free?* Learn more today and request yours at https://info.varonis.com/start

*So you’re the kind of person who likes to read the fine print (so are we). Yes, they’re actually free.

New Survey Reveals GDPR Readiness Gap

With just a few months left to go until the EU General Data Protection Regulation (GDPR) implementation deadline on May 25, 2018, we commissioned an independent survey exploring the readiness and attitudes of security professionals toward the upcoming standard.

The survey, Countdown to GDPR: Challenges and Concerns, which polled security professionals in the UK, Germany, France and U.S., highlights surprising GDPR readiness shortcomings, with more than half (57%) of professionals still concerned about compliance.

Findings include:

  • 56% think the right to erasure/“to be forgotten” poses the greatest challenge in meeting the GDPR, followed by implementing data protection by design.
  • 38% of respondents report that their organizations do not view compliance with GDPR by the deadline as a priority.
  • 74% believe that adhering to the GDPR will give them a competitive advantage over other organizations in their sector.

After Equifax and WannaCry: New Survey on Security Practices and Expectati...

You’ve seen the headlines: Breaches are hitting high-profile organizations almost daily. After major events — the WannaCry and NotPetya outbreaks, and most recently the Equifax breach — we wanted to know if professionals responsible for cybersecurity in their organizations are shoring up their security, what approaches they are taking, and if they believe they are prepared for the next big attack.

Today we release the results of a new independent survey: After Equifax and WannaCry: Security Practices and Expectations.

The survey, which polled 500 IT professionals responsible for cybersecurity in the UK, Germany, France and U.S., highlights an alarming disconnect between security expectations and reality: While 45% of IT professionals are bracing for a disruptive cyber attack in the next year, the vast majority (89%) profess confidence in their cybersecurity stance.

Other notable findings include:

  • 25% reported their organization was hit by ransomware in the past two years.
  • 26% reported their organization experienced the loss or theft of company data in the past two years.
  • 8 out of 10 respondents are confident that hackers are not currently on their network.
  • 85% have changed or plan to change their security policies and procedures in the wake of widespread cyberattacks like WannaCry.

Read the full survey:

After Equifax and WannaCry: New Survey on Security Practices and Expectations.

Global Manufacturer Relies on DatAdvantage as it Moves to the Cloud

Dayton Superior is a leading manufacturer for the non-residential concrete construction industry. With thousands of products used in more than one million buildings, bridges and other structures worldwide, Dayton Superior has an ongoing need to monitor and protect information on its network.

The Ohio-based company first began using DatAdvantage several years ago after a major acquisition in which the company’s employees were merged into a single IT environment. DatAdvantage gave Dayton Superior deep visibility into the files on their network. For the first time, the company could locate missing files and lock down access to individual users, departments or project teams.

Now, nearly seven years after Dayton Superior first turned to Varonis for insight into its on-premises IT systems, the company will be using DatAdvantage for their new cloud-based environment with Microsoft Office 365 OneDrive for Business and SharePoint.

By moving to the cloud, Dayton Superior aims to decrease its need for internal storage while providing employees with flexible access to documentation from remote devices. Once the migration is complete, DatAdvantage will continue to help the company monitor activity, track user behavior, and control user access to files on the network.

 

 

Adylkuzz: How WannaCry Ransomware Attack Alerted The World To Even Worse Th...

Image: Canadian Institute of Mining, CC-BY

Your garden variety ransomware, like Cerber, is the canary in the coal mine that rudely, but thankfully announces bigger security issues: insider threats and cyberattacks that take advantage of too much employee access to files. As disruptive as WannaCry has been to vulnerable organizations, this is their canary in the coal mine moment that should alert them to more deadly attacks that don’t announce their presence, like the cryptocurrency miner Adylkuzz.

Researchers at Proofpoint have identified an attack that is larger and sneakier than WannaCry, and one that may have slowed WannaCry’s spread. Adylkuzz is a malware that uses the same exploits designed by the NSA and utilized in the WannaCry attack, but instead of announcing itself, it quietly installs a hidden program to mine for cryptocurrency that the attackers can then use. Even more interesting, Adylkuzz then blocks the SMB port to avoid further infection, such as a WannaCry infection.

Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools.
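
Because this malware does not announce itself, the ordered behaviour described above (SMB blocked, public IP looked up, payloads downloaded) is what a defender has to alert on. The following is an added example, not code from Varonis or Proofpoint: a per-host correlation rule run over a constructed log. The event names, log format, 10-minute window, host names and addresses are all assumptions made for illustration.

```python
"""Correlate host telemetry for the post-infection sequence described above."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Ordered stages taken from the behaviour described in the post. The event
# names are hypothetical labels for whatever your EDR or firewall emits.
STAGES = ("smb_inbound_blocked", "public_ip_lookup", "payload_download")
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample log: "<ISO timestamp> <host> <event> <detail>".
# Lines are deliberately not in time order, as merged feeds rarely are.
SAMPLE_LOG = """\
2017-05-17T09:00:00 ws-014 smb_inbound_blocked rule=local
2017-05-17T09:01:30 ws-014 payload_download dst=198.51.100.7
2017-05-17T09:00:40 ws-014 public_ip_lookup dst=ip-echo.example
2017-05-17T09:05:00 fs-002 smb_inbound_blocked rule=gpo-hardening
2017-05-17T09:06:00 fs-002 user_logon user=admin
2017-05-17T10:00:00 ws-031 public_ip_lookup dst=ip-echo.example
2017-05-17T10:00:20 ws-031 payload_download dst=203.0.113.9
2017-05-17T11:00:00 ws-050 smb_inbound_blocked rule=local
2017-05-17T11:30:00 ws-050 public_ip_lookup dst=ip-echo.example
2017-05-17T11:31:00 ws-050 payload_download dst=203.0.113.9
2017-05-17T12:00:00 ws-077 smb_inbound_blocked rule=local
2017-05-17T12:00:30 ws-077 payload_download dst=198.51.100.7
2017-05-17T12:01:00 ws-077 public_ip_lookup dst=ip-echo.example
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str
    detail: str


def parse_log(text):
    """Parse the constructed log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split(" ", 3)
        events.append(Event(datetime.fromisoformat(ts), host, kind, detail))
    return events


def correlate(events, window=WINDOW):
    """Return {host: [matched events]} for hosts showing every stage,
    in order, within `window` of the SMB block that starts the chain."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind in STAGES:
            by_host[ev.host].append(ev)

    findings = {}
    for host, evs in by_host.items():
        # Try every SMB-block event as a possible start of the chain, so a
        # repeated or stale block cannot hide a later complete sequence.
        for i, start in enumerate(evs):
            if start.kind != STAGES[0]:
                continue
            chain = [start]
            for ev in evs[i + 1:]:
                if ev.ts - start.ts > window:
                    break
                if ev.kind == STAGES[len(chain)]:
                    chain.append(ev)
                    if len(chain) == len(STAGES):
                        break
            if len(chain) == len(STAGES):
                findings[host] = chain
                break
    return findings


if __name__ == "__main__":
    for host, chain in correlate(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {host}: SMB self-block followed by lookup and download")
        for ev in chain:
            print(f"  {ev.ts.isoformat()} {ev.kind} {ev.detail}")
```

Only `ws-014` alerts with the default window: an SMB block on its own (`fs-002`), a lookup and download with no block (`ws-031`), stages spread over half an hour (`ws-050`) and stages in the wrong order (`ws-077`) do not match.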

Adylkuzz has over 20 hosts designed to scan and launch attacks, and more than a dozen command and control (C&C) servers at any given time. Within 20 minutes of connecting a test computer with the known vulnerability to the Internet, it was infected with Adylkuzz.

In this instance, instead of your files being held hostage, your processing power is drained and you’re out a few thousand Moneros.  But none of this compares to the hacker who decides to play the long game with DoublePulsar and EternalBlue and stealthily survey and exfiltrate all the health records, student records, intellectual property and incriminating emails they can get their hands on.

WannaCry changed the world and proved that the bad guys will find their way past any perimeter security.  Defense-in-depth should be on your mind. The value of information and the systems that store it is clear – very few organizations can function when their data is inaccessible – no one can function when their data is stolen and their organizational reputation destroyed. If you don’t address the vulnerabilities surrounding your data and your systems you will lose. Obviously you need to patch, but you can’t stop there – you need to continually question your layers of defense: What if a user’s account or system gets compromised? What data can that account access? How would I see abuse? What would it mean if this data was lost or stolen?

No one can prepare for every possible scenario, but organizations need to raise their game. If an organization is patched, restricts employee access to data and systems, and monitors and alerts on unusual activity, they should be in reasonably good shape to withstand this and other attacks.

Varonis stops ransomware by, 1) reducing what normal employee accounts can access (pruning privileges they don’t need), 2) watching how users use data to spot attacks like ransomware in progress, and 3) automatically locking out offending accounts.

Learn how we’re helping out customers spot and stop ransomware and other insider threats: https://www.varonis.com/ransomware-solutions.

2017 Varonis Data Risk Report: 47% Had at Least 1,000 Sensitive Files Exposed

Today we released the 2017 Varonis Data Risk Report, showcasing an alarming level of exposure for corporate and sensitive files across organizations, including an average of 20% of folders per organization open to every employee.

Using the Varonis Data Security Platform (DSP), Varonis conducted over a thousand risk assessments for customers and potential customers on a subset of their file systems. The assessment provides insight into the risks associated with corporate data, identifies where sensitive and regulatory data resides, reveals over-exposed and high risk areas and makes recommendations to increase their data security posture.

Here is a sample of the risks discovered:

Failure to reduce the use of global access groups, lock down sensitive files and dispose of stale data exposes an organization to data breaches, insider threats and crippling ransomware attacks.  By identifying and reducing exposed data through global access, broken ACLs and unique permissions, organizations are able to decrease their attack footprint and maintain compliance standards.

“We found files with sensitive PII in places it should not have been,” said a Chief Security Officer for a state and local government in a recent TechValidate customer survey.

According to that same survey, 68% of end users perform a risk assessment to validate security concerns, 95% agree that the risk assessment helped them identify at-risk, sensitive and classified data and build a plan of attack to reduce the likelihood of a data breach and 82% rate global access remediation a top priority after seeing the results.

“The initial assessment gets the immediate attention of management, which then assists in building and executing the internal remediation process,” said a Security Manager at a beverage company in the same TechValidate customer survey. “Varonis does an excellent job of identifying internal data security vulnerabilities.”

Download the 2017 Varonis Data Risk Report here and then request your own risk assessment.

Varonis Data Security Platform Listed in Gartner 2017 Market Guide for Data-Centric Audit and Protection

In 2005, our founders had a vision to build a solution focused on protecting the data organizations have the most of and yet know the least about – files and emails.  Executing on this vision, Varonis has built an innovative Data Security Platform (DSP) to protect enterprise data against insider threats, data breaches and cyberattacks.

To this end, we are pleased to be listed as a representative vendor in Gartner’s 2017 Market Guide for Data-Centric Audit and Protection (DCAP) for the capabilities found within our DSP.

According to Gartner, “By 2020, data-centric audit and protection products will replace disparate siloed data security tools in 40% of large enterprises, up from less than 5% today.”

“Traditional data security approaches are limited because the manner in which products address policy is siloed, and thus the organizational data security policies themselves are siloed,” Gartner said in the guide. “The challenge facing organizations today is that data is pervasive and does not stay in a single silo on-premises, but is compounded by the use of cloud SaaS or IaaS. There is a critical need to establish organization wide data security policies and controls based upon Data Security Governance (DSG).”

Gartner recommends that organizations “implement a DCAP strategy, and ‘shortlist’ products that orchestrate data security controls consistently across all silos that store the sensitive data.” Further, the report advises, “A vendor’s ability to integrate these capabilities across multiple silos will vary between products and also in comparison with vendors in each market subsegment. Below is a summary of some key features to investigate:”

  • Data classification and discovery
  • Data security policy management
  • Monitoring user privileges and data access activity
  • Auditing and reporting
  • Behavior analysis, alerting and blocking
  • Data protection

The Varonis DSP protects enterprise data by analyzing content, accessibility of data and the behavior of the people and machines that access data to alert on misbehavior, enforce a least privilege model and automate data management functions.

Explore the use cases and benefits of a DSP today.

Source: Gartner Market Guide for Data-Centric Audit and Protection, March 21, 2017

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

The Varonis Connect Customer Conferences Are Coming: Education and Network Opportunities

This April we will kick off our annual series of Varonis Connect customer events where attendees will learn about new Varonis product innovations and share experiences and success stories.

The series, in its 6th year, runs through June across 33 cities in North America and Europe.  In fact, we’ve added 11 more cities than last year, and we expect attendance to increase as well!

Varonis Connect attendees, from the company’s rapidly expanding customer base, will learn how to use the Varonis Data Security Platform (DSP) for an increasing range of use cases, including data security, mitigating ransomware attacks, meeting compliance regulations like HIPAA and GDPR, user behavior analytics, archiving, search and file synchronization and sharing. Varonis engineering and product teams will be on hand to provide attendees with personalized consultations.

2017 Connect Event Schedule:

United States & Canada:

  • April 5: San Francisco, CA
  • April 6: Irvine, CA
  • April 11: Orlando, FL
  • April 12: Fort Lauderdale, FL
  • April 12: Boston, MA
  • April 18: Salt Lake City, UT
  • April 18: Cincinnati, OH
  • April 19: Indianapolis, IN
  • April 19: Des Moines, IA
  • April 20: Minneapolis, MN
  • April 25: Atlanta, GA
  • April 27: Washington D.C.
  • May 2: Calgary, Canada
  • May 3: Seattle, WA
  • May 3: Raleigh, NC
  • May 4: Charlotte, NC
  • May 4: Portland, OR
  • May 23: Green Bay, WI
  • May 24: New Haven, CT
  • May 24: Chicago, IL
  • June 1: New York, NY
  • June 6: Cleveland, OH

Europe:

  • April 4: Milan, Italy
  • April 19: Amsterdam, Netherlands
  • April 20: Brussels, Belgium
  • April 25: Munich, Germany
  • April 27: Madrid, Spain
  • May 4: London, England
  • May 11: Geneva, Switzerland
  • May 17: Luxembourg
  • May 18: Paris, France
  • May 23: Zurich, Switzerland
  • May 24: Leeds, England

Customer Registration:

Varonis Connect 2017 is free and open to Varonis customers. If you would like to inquire about attending or would like to receive an invitation, please email marketingevents@varonis.com.

It’s Not Just Waymo: IP Most at Risk According to Our RSA Survey

This year, the RSA Conference boasted over 43,000 attendees and 557 exhibitors spread across two enormous and cacophonous halls. Even in the quiet of the hotel room, my ears rang with echoes of the discordant noise about new potential threats. Let’s just say I’ll be eyeing every public outlet from which I charge my phone with suspicion.

Tom Foremski, ex-Financial Times journalist and editor/publisher of Silicon Valley Watcher, summed up the experience nicely via ZDNet:

[G]oing to RSA show will likely cause your mind to race in panic at all the vectors of malice that the security vendors will happily tell you about.

Foremski and those he interviewed discussed the implications of a widening security pit: how we could buy every tool on the market and still not be 100% secure. Forrester Consulting has coined this “expense in depth” in a recently released study, writing:

The reality is that companies have spent a lot of money on individual technology — instead of a unified data security strategy — and are judging their maturity based on money spent.

Or in other terms, companies are focused on threats (as the RSA newsfeeds testified) rather than the data – customer, employee, intellectual property and financial data – any of which would be toxic if stolen or made public (e.g., Waymo IP theft – keep reading).

The RSA Data Security Results

We surveyed security professionals who stopped by our booths at RSA about how their companies identify, classify, protect and monitor data.  The results are in and echo the Forrester study:

  • 72% use 3 or more data security tools (and over 50% use 5 or more).
  • Respondents are not confident in the ability to identify, classify, protect and monitor their enterprise data, with few stats crossing the 50% line:
    • Employee data fares the best with 67% completely confident in knowing exactly where this data resides on the network, 59% enforce a least privilege model against it and only 45% audit access to it and alert on abuse.
    • Less than 50% of respondents can identify the location and monitor for anomalous behavior on customer and financial data.
    • Coming in last for all categories is intellectual property — one of the most toxic and costly data sets. Well under 45% are confident in their ability to identify, classify and restrict access on a need-to-know-basis to this data set: even more concerning, only 30% monitor IP for access and abuse.

While the similarities to the Forrester study are validating, real world examples showing how these data sets quickly turn toxic drive the point home even more. Let’s take a look at one of those examples.

Waymo and the Alleged Toxic IP Leak

Last week, Waymo, pioneers in self-driving car technologies, announced legal action against competitors Otto and Uber for the alleged theft at the hands of several former employees of more than 14,000 highly confidential and proprietary design files.

Mention this theft to any R&D head, CEO or CISO and they’ll cringe at the thousands of man hours, millions of R&D dollars and expected revenue that drove off the parking lot.  To put more context around this, Waymo spent seven years in R&D on self-driving technologies including their own in-house hardware, accumulated 1.5 million miles of experience on public roads and billions of miles in simulation tests.  Self-driving technology is how they make their money; now key components of that technology appear to have fallen into the hands of a competitor.

The loss and future damage of stolen IP is enough to cripple any company, maybe even put them out of business. Yet we see time and again in our risk assessments that sensitive data like IP is not identified, classified or monitored for abuse. Both the Forrester Study and our RSA survey results found that 60% of organizations do not enforce a need-to-know access model for this type of highly confidential information and even fewer monitor access for abusive behavior – like a sudden flurry of access activity on files an employee may not normally access (cue Paul Harvey: “And now for the rest of the story”… employee gives his resignation a few days later).

The allegations of IP theft at the hands of multiple former employees who are now at a competitor is a story we’ve seen (and blogged about) before: an ambitious insider not only steals IP but recruits other colleagues to do the same, and then he takes both to a competitor. The Waymo complaint outlines how the alleged ringleader, the founder of Otto, stole 9.7 GB of highly confidential data and tried to cover his tracks, and it alludes to collusion with several employees who followed suit:

A number of Waymo employees subsequently also left to join Anthony Levandowski’s new business, downloading additional Waymo trade secrets in the days and hours prior to their departure [emphasis mine].

Regardless of the court’s decision in the Waymo case, this serves as a wake-up call for any company who has data that would be toxic to the company’s revenues and reputation if it were stolen or made public.

And Now for the Rest of the Story

Data has real value.  Self-driving technology alone has the power to change the world and save lives. And there are many other types of innovations being worked on and invested in.  Organizations need to start seeing this data and data security as a driver of business growth. Ensuring that the right people and only the right people have access will accelerate bringing this innovation to market and drive competitive advantage – the flip side to this coin is very real, and we see it playing out in the Waymo/Uber case, where too much unmonitored access can give a competitive advantage to the other guy.

The final piece to our RSA survey asked respondents about the benefits they would receive with a unified data security platform – in other words, a solution that would have stopped or greatly reduced the damage of the Waymo IP theft. The top rated benefits include:

  • quicker response to breaches (60%)
  • improved ability to identify data (60%)
  • improved ability to spot anomalous behavior (56%)
  • increased visibility on access and usage of sensitive data (55%)

Want to see what type of data might be overexposed in your company?  Our Data Risk Assessment gives a snapshot of your data security to quickly ascertain the level of risk associated with your data: exposing high risk areas and where you can safely and swiftly pull back access, reducing your risk profile.

Get more details on our Data Risk Assessment.