There’s a long list of ways your organization is vulnerable to attack, but a cloud security vendor offers a thought: one per cent of employees cause 75 per cent of an enterprise’s risks in cloud environments.
CloudLock, a cloud access security broker, made the assertion this week in a report that analyzed user behavior of millions of its customers involving 91,000 cloud applications. (Register here to read the full report)
That one per cent owned 57 per cent of files, 81 per cent of files shared, 73 per cent of excessively exposed files and 62 per cent of app installations. Or, to expand the view, it found the top five per cent of users caused 90 per cent of risk.
“There are cases where the uses are malicious,” the report says, “but most of the time they are unaware they are oversharing company assets” — by, for example, inadvertently dropping a document into a public folder. In other cases a breach is caused through a third party that is sharing the document.
Looking at an unnamed Silicon Valley high tech company with a large cloud deployment, the vendor calculated that of the 800,000 instances of files exposed outside the organization 77 per cent could be traced back to 100 of its 16,000 employees.
The message: “Cyber attacks today target your users – not your infrastructure,” says CloudLock CEO and co-founder Gil Zimmermann. “The best defense is to know what typical user behavior looks like – and, more importantly, what it doesn’t.”
CloudLock has an interest in this conclusion, because it sells a service that offers user behavior analytics and end user notification of risky behavior. And it doesn’t advocate that CISOs give up on buttressing their infrastructure — in fact, it would be irresponsible to do so.
But infosec pros should take a minute to think about the defences they are mounting to identify not only risky user behavior of all staff but also the small number of users who may pose the greatest risks — including members of the security team, database administrators and C-level executives.
In a release CloudLock said its research found tens of thousands of applications installed by highly privileged users, a number it says should be zero given privileged accounts are highly coveted by malicious cybercriminals.
Do you know today who your risky users are? If so, let readers know what you’ve been doing about it in the comments section below.