Imperva’s Hacker Intelligence Initiative Report Published

The new Hacker Intelligence Initiative (HII) report  reveals three primary reasons why the traditional approach to file security no longer works:

* Permissions are granted, but rarely revoked.
* Users do not touch most files to which they have permitted access.
* Enterprise-level file permissions have become increasingly complex.

The report demonstrates that relying on access control alone broadens the risk surface and is not a sustainable method for securing enterprise files. The primary research, conducted by Imperva in customer environments, finds that user permissions to files grow over time; while access is granted freely, it is rarely revoked.

In fact, most employees use less than 1 percent of the files they are allowed to access. Furthermore, 99 percent of the files are used on a temporary basis as related to a specific project and rarely accessed again.

“Traditionally, permissions management is manual, time consuming and often inaccurate or outdated, creating a gap in which data contained in files can be lost, stolen or misused by malicious, careless, or compromised users,” said Amichai Shulman, CTO and co-founder of Imperva.

“Detection and containment of insider threats requires an understanding of both users and how they use enterprise data."