A small number of employees could be responsible for most of the cloud security risk a company faces, research suggests.
According to CloudLock’s Q3 Cloud Cyber Security Report – which featured insights into the behaviour of 10 million cloud users – it is commonplace for a small subset of users to hold the keys to a large part of a firm’s digital assets – making them a prime target for hackers.
“A cyber attack focusing on just these few power users can result in a major data breach for the entire company, risking a majority of company assets,” the report stated.
CloudLock’s findings suggest 75% of a company’s cloud security risk can be attributed to the actions of just 1% of its employee base, based on how much data they hold and how frequently they indulge in high-risk behaviour.
“This trend of disproportionate risk holds true across multiple dimensions of usage, including file ownership, volume of collaboration/sharing, third-party application enablement and exposures of all kinds, with the majority of potentially risky exposures tied to 1% of users,” the report said.
The same holds true from industry to industry, CloudLock’s data suggests, with 1% of users in the finance, education and retail sectors responsible for closer to 80% of the cloud security risk in their organisations.
In all cases, security teams must take steps to find out more about how this group of users behaves, so that proper precautions can be taken to safeguard corporate data, CloudLock advised.
“Understanding the composition of this 1% of users is crucial for security teams: This subset of users includes super-privileged users and software architects, as well as machine-based identities that grant access privileges and archive data,” the company said.
Cloud collaboration risks
The ease with which cloud allows users to collaborate and share corporate data with other employees and authorised third-parties exacerbates the risk.
“The bulk of risk is found in the top 25 most frequent collaborating organisations, providing a clear starting point for security professionals looking to address risk,” the report said.
The research revealed that 70% of the data-sharing that goes on with company outsiders involves non-corporate emails addresses, which makes it harder for in-house security staff to keep tabs on the information.
Taken together, the research highlights the importance of involving the most active cloud users in an organisation’s security processes, said CloudLock CEO Gil Zimmerman.
“Cyber attacks target your users – not your infrastructure. As technology leaders wake up to this new reality, security programmes are becoming re-engineered to focus where true risk lies: With the user,” he said.
“The best defence is to know what typical user behaviour looks like and – more importantly – what it doesn’t.”
Enjoy the benefits of CW+ membership, learn more and join.