Users are the weakest link when it comes to cybersecurity, with only 1 percent of them representing 75 percent of the security risk in a cloud environment, according to a new cloud cybersecurity report released yesterday.
The CloudLock Cyberlab analyzed 10 million users as well as 1 billion files and more than 91,000 applications and found that it isn’t the business or network infrastructure that cybercriminals target, but rather a very small number of users. For this reason it is vital for those developing security programs to study user behavior.
Trends in Cloud Cybersecurity
The CloudLock report examines trends across users, applications and collaboration and reveals that the 80:20 rule or law of the vital few (officially the Pareto Principle) is valid across all three of these primary dimensions.
- Just 1 percent of all computer and computer network users create three quarters (75 percent) of all cloud cybersecurity risk in organizations by behaving in an “abnormal” manner, whether malicious or unintentional.
- Organizations were found to collaborate on average with 865 outside parties, with a mere 25 of these accounting for three quarters of each organization’s cloud-based sharing activities. Alarmingly, 70 percent of this sharing is via non-corporate emails that security teams have minimal control over.
- Just 1 percent of users represent 62 percent of all the applications installed in the cloud, which further increases the high-risk volumes. Another concern is that 52,000 application installations are carried out by users that are highly privileged; the problem being that malicious cybercriminals are known to target privileged accounts.
The 14-page report also reveals that the individuals who make up the risky 1 percent are also responsible for ownership of 57 percent of files; sharing of 81 percent of files; and 73 percent of files that are “excessively exposed.” This means it is crucial for those in charge of security to understand the composition of this 1 percent that is frequently comprised. They are not only the privileged users mentioned above, but also machine-based identities that are designed to allow access to archived data and other privileges, as well as various software architects.
Acknowledging that there has been a long-established risk linked to unintentional “user-induced exposure in the cloud,” the report points out that cybercriminals have learnt how to exploit these users and not only access corporate and government environments, but also compromise credentials. Furthermore, it found that no industries are immune from these cloud cybersecurity risks: “The bottom line: across all industries, risk can be explained by a small percentage of users.”
Data ownership in the cloud was also found to be disproportionately high, with the top 1 percent of users owning more than half (57 percent) of the organization’s digital assets. This figure rose to 81 percent when the digital assets of the top 5 percent were taken into account. In reality this would mean that simply targeting the few who own digital assets could cause a major data breach that could put a very large percentage of the company’s assets at risk.
So how is the distribution of cloud cybersecurity risk calculated?
According to the report, it is a combination of potentially risky behaviors, users’ usage volumes, and corporate security policy violations. And the stats reveal, yet again, that just 1 percent of users are responsible for most cloud cybersecurity risk in any one organization.
- The top 1 percent create 75 percent of risk
- The top 5 percent create 90 percent of risk
- The remaining 95 percent are not much of a risk at all, accounting for a mere 10 percent
This remains the reality, even though most of the users who create risks are not aware of what they are doing (for example “oversharing” the company’s assets). All they have to do to create risk is drag and drop files to public folders, or make a folder public without informing another collaborator that this has been done.
In many circumstances, employee security training will decrease the risk dramatically. For instance, a case study cited in the report shows how a travel industry firm was able to decrease its potentially risky public exposure by 62 percent in a single day, just by analyzing user behavior and then reaching out to their top users.
Another enormous risk lies with third-party suppliers that are connected to the company via the cloud. They might be totally honest and reliable, but if they are compromised, their vulnerability can become high risk for the company they are collaborating with. It shouldn’t be surprising to find that the so-called law of the vital few applies in this instance too, with the top 25 external organizations accounting for three quarters of inter-organizational sharing. Additionally, the top 25 applications were found to account for 65 percent of all third-party app installations, many of which were found to be linked not to business itself, but to business functions.
Four Strategies to Help Remedy Risk
Having identified that cloud cybersecurity risk is distributed disproportionately across users, collaborators and applications, CloudLock suggests four strategies to help remedy risk:
1. First focus on the riskiest users
2. Then focus security on the top 25 collaborators, and then the balance
3. Take action when third-party applications are discovered
4. Opt for platforms that offer multi-cloud insights rather than point security solutions
By Penny Swift