After scanning approximately 6.5 million Google Drive files, Metomic found 40.2% contained sensitive data that could put an organisation at risk of a data breach or cybersecurity attack.
âAccording to Metomicâs 2023 Google Scanner Report, documents that had been shared externally often contained confidential information, with 18,000 files flagged as having âhighly sensitiveâ data, like PII
London, England, (Black Hat Europe 2023, Booth 444) â December 6, 2023 â Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, today announced the results of its 2023 Google Scanner Report, offering insights on the amount of sensitive data that is often stored in Google Drives without any protective oversights. After scanning approximately 6.5 million Google Drive files, Metomic found 40.2% contained sensitive data that could put an organization at risk of a data breach or cybersecurity attack.
In addition to identifying potentially vulnerable information, Metomic also discovered that 34.2% of all the files scanned were shared with external contacts (email addresses outside of the companyâs domain) and more than 350,000 files (0.5%) had been shared publicly, giving access to anyone who had the document link. Among the files identified as containing sensitive informationâincluding confidential employee contracts and spreadsheets full of passwordsâ18,000 files were flagged as âCritical Levelâ data files, meaning the information contained âHighly Sensitiveâ data or the file permissions were not applied securely.Â
âGoogle Workspace has more than 3 billion users. With so many businesses leveraging Google Docs, Google Sheets and Google Slidesâand sharing those docs with partners, customers, consultants, vendors and anyone else they do business withâitâs mind-boggling to think of how much sensitive data is accessible to people outside of an organization and how blind most security teams and business leaders are to this,â said Rich Vibert, CEO, Metomic. âOur Google Scanner Report puts a spotlight on the amount of vulnerable data living in Google Drives around the world, underscoring just how critical it is that businesses know what data is being stored, where it is stored, and who has access to it. The best way to prevent a data breach is to protect your businessâ vulnerable data so that it does not end up in the wrong hands. Metomicâs Google Scanner & Risk Report makes clear how big of a challenge this is for IT and security teams who are struggling to strike a balance between protecting their companyâs reputation and ensuring employees have access to effective SaaS tools that drive collaboration and productivity across the business.âÂ
According to IBMâs Data Breach Report, the average cost of a data breach has increased 15% over the last three years, reaching $4.45 million in 2023. More than 50% of organizations report they are increasing their security budgets as a result of a breach, with plans to spend more on incident response planning and testing, employee training, and threat and detection tools.Â
With data breaches becoming more frequent across industries and geographic locations, itâs imperative that businesses gain full visibility into the data stored in their SaaS ecosystems, including Google Workspace apps. Often, vulnerable data is exposed, not because of malicious intent, but unintentionally by an employee who simply didnât realize they were making sensitive data public or sharing it with the wrong people.Â
Metomic's DLP tool for Google Drive gives IT and security teams full visibility into their SaaS ecosystem so that they can control what data is accessible to who.
Have a read of our findings in full, showing the risky nature of storing sensitive data in Google Drive.