Report: Cybercriminals Rely On People To Access Corporate Environments

Cybercriminal Report

Users are the weakest link when it comes to cybersecurity, with only 1 percent representing 75 percent of the security risk in a cloud environment, according to a new cloud cybersecurity report released yesterday.

The CloudLock Cyberlab analyzed 10 million users as well as 1 billion files and more than 91,000 applications and found that it isn’t the business of network infrastructure that cybercriminals target, but rather a very small number of users. For this reason it is vital for those developing security programs to study user behavior.

Trends in Cloud Cybersecurity

cloud-report-2015

The CloudLock report examines trends across users, applications and collaboration and reveals that the 80:20 rule or law of the vital few (officially the Pareto Principle) is valid across all three of these primary dimensions.

  • Just 1 percent of all computer and computer network users create three quarters (75 percent) of all cloud cybersecurity risk in organizations by behaving in an “abnormal” manner, whether malicious or unintentional.
  • Organizations were found to collaborate on average with 865 outside parties with a mere 25 of these accounting for three quarters of each organizations’ cloud-based sharing activities. Alarmingly, 70 percent of this sharing is via non-corporate emails that security teams have minimal control over.
  • Just 1 percent of users represent 62 percent of all the applications installed in the cloud, which further increases the high-risk volumes. Another concern is that 52,000 application installations are carried out by users that are highly privileged; the problem being that malicious cybercriminals are known to target privileged accounts.

The 14-page report also reveals that the individuals who make up the risky 1 percent are also responsible for ownership of 57 percent of files; sharing of 81 percent of files; and 73 percent of files that are “excessively exposed.” This means it is crucial for those in charge of security to understand the composition of this 1 percent that is frequently comprised. They are not only the privileged users mentioned above, but also machine-based identities that are designed to allow access to archived data and other privileges, as well as various software architects.

Acknowledging the fact that there has been a long established risk that is linked to unintentional “user-induced exposure in the cloud,” the report points out that cybercriminals have learnt how to exploit these users and not only access corporate and Government environments, but also compromise credentials. Furthermore, it found that no industries are immune from these cloud cybersecurity risks: “The bottom line: across all industries, risk can be explained by a small percentage of users.”

Data ownership in the cloud was also found to be disproportionately high, with the top 1 percent of users owning more than half (57 percent) of the organization’s digital assets. This figure rose to 81 percent when the digital assets of the top 5 percent were taken into account. In reality this would mean that simply targeting the few who own digital assets could cause a major data breach that could put a very large percentage of the company’s assets at risk.

So how is the distribution of cloud cybersecurity risk calculated?

According to the report it is a combination of behaviors that is potentially risky, together with usage volumes of users, and corporate security policy violations. And the stats reveal, yet again, that just 1 percent of users are responsible for most cloud cybersecurity risk in any one organization.

  • The top 1 percent create 75 percent of risk
  • The top 5 percent create 90 percent of risk
  • The remaining 95 percent are not much of a risk at all, accounting for a mere 10 percent

This remains the reality, even though most of the users who create risks are not aware of what they are doing (for example “oversharing” the company’s assets). All they have to do to create risk is drag and drop files to public folders, or make a folder public without informing another collaborator that this has been done.

In many circumstances, employee security training will decrease the risk dramatically. For Instance, a case study cited in the report shows how a travel industry firm was able to decrease its potentially risky public exposure by 62 percent in a single day, just be analyzing user behavior and then reaching out to their top users.

Another enormous risk lies with third party suppliers that are connected to the company via the cloud. They might be totally honest and reliable, but if they are compromised, their vulnerability can become high risk for the company they are collaborating with. It shouldn’t be surprising to find that the so-called law of the vital few applies in this instance too, with the top 25 external organizations accounting for three quarters of inter-organizational sharing. Additionally, the top 25 applications were found to account for 65 percent of all third-party app installations, many of which were found to be linked not to business itself, but to business functions.

Four Strategies to Help Remedy Risk

Having identified that cloud cybersecurity is disproportionate across users, collaborators or applications, CloudLock suggests four strategies to help remedy risk:

1. First focus on the riskiest users
2. Then focus security on the top 25 collaborators, and then the balance
3. Take action when third party applications are discovered
4. Opt for platforms that offer multi-cloud insights rather than point security solutions

By Penny Swift

Mark Banfield

A Seamless Customer Experience Is Essential to Success in Today’s Digital Economy

Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, citizens around the world are being asked to hunker down ...
Ronald van Loon

Operationalizing AI at Scale with ModelOps

Scaling with ModelOps Putting artificial intelligence (AI) into production can be a frustrating experience for organizations, one often destined for failure. In fact, only 53% of AI projects actually move past POC and into production ...
Mark Barrenechea

Introducing the Information Advantage

Technology. Information. Disruption. The world is moving faster than ever before at unprecedented scale. Businesses today are operating in the next industrial revolution, and the rules have changed. This is Industry 4.0. It is imposing ...
Ronald van Loon

How Continued Learning Can Help Data Scientists Solve Industry-Specific Challenges

Data scientists are, first and foremost, problem solvers. But new problems can’t always be solved with old tricks.Currently organizations in every industry are experiencing overwhelming challenges, many of them emerging from shifts to digital, the ...
Gary Bernstein

5 Notable Proxy Servers Adding That Extra Layer Of Privacy

What’s A Proxy Server? A proxy server is a gateway between the user and the internet. This is an intermediary server that separates end users from the websites they browse. It’s completely legal to use ...
Tesla Twitter

The Tesla Story The World Is Ignoring

The Tesla Story The World Is Ignoring Bugatti is one of the most recognized names among luxury supercars. After the founder Ettore Bugatti died, the company nearly disappeared in 1952. Until Italian businessman Romano Artioli ...