New Imperva report reveals why old security fails

Data and application security solution company Imperva has released its new Hacker Intelligence Initiative (HII) report.

The report analyses the ability of access control to adequately limit an attacker’s scope for inflicting damage on an organisation, and states three primary reasons why the old approach to file security no longer works:

  1. Permissions are granted, but rarely revoked
  2. Users do not touch most files to which they have permitted access
  3. Enterprise-level file permissions have become increasingly complex

According to the report, most employees use less than 1% of files they are allowed to access with the remaining 99% of the files being used temporary; users permit that files grow over time, with access freely granted and rarely revoked.

“Traditionally, permissions management is manual, time consuming and often inaccurate or out-dated; creating a gap in which data contained in files can be lost, stolen or misused by malicious, careless, or compromised users,” said Amichai Shulman, CTO at Imperva.

“Detection and containment of insider threats requires an understanding of both users and how they use enterprise data,” she added.

Written from press release by Leah Alger