90 Percent of Organizations Experience At Least One Insider Threat a Month

According to Skyhigh Networks’ Cloud Adoption & Risk Report for Q4 2015, 89.6 percent of organizations experience at least one insider threat each month, up from 85 percent of organizations in Q4 2014.

The average organization, the report found, experiences 9.3 insider threats each month.

The report, based on analysis of cloud usage across more than 23 million employees, defines insider threats as behaviors that uninentionally expose an organization to risk, such as mistakenly sharing a spreadsheet with employee Social Security numbers externally, as well as malicious activity such as exfiltrating proprietary data.

The report also found that 55.6 percent of organizations experience unusual behavior by privileged users, such as administrators accessing data they shouldn’t, each month.

Slightly more than half of all organizations find employee accounts compromised on a monthly basis. Previous research by Skyhigh had found that fully 92 percent of companies have cloud credentials for sale on the Darknet.

“Because employees often bring their own apps to work, companies typically don’t know which ones are being used to store corporate data,” the report states. “Even within the cloud services purchased by a company’s IT department, there is limited visibility into user behavior and how sensitive information is accessed and shared.”

“Similar to previous shifts in technology, such as the rise of the PC and the Internet, the cloud creates new and significant concerns among business leaders about the potential for headline-making security incidents,” the report adds.

According to the report, the average organization experiences 2.4 cloud-enabled data exfiltration events every month, with the average incident involving 410 MB of data.

The report found that 28.1 percent of employees have uploaded a file containing sensitive data to the cloud, and the average organization shares documents with 849 external domains via cloud services.

Among files that are shared externally, 9.2 percent contain sensitive data.

While 15.8 percent of files in the cloud contain sensitive data, 5.4 percent of shared documents are accessible by anyone with a link, and 2.7 percent of shared documents are publicly accessible and indexed by Google.

The average Windows user, the report found, accessed 18.3 distinct cloud services in September 2015 alone.

Among the thousands of cloud providers currently in use, just 9.6 percent encrypt data at rest, and only 18.1 percent support multi-factor authentication.

Recent eSecurity Planet articles have examined five ways to make public cloud more secure, and how VMI can improve cloud security.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles