The 1% Who Put the Entire Organization at Risk

 
 
By Karen A. Frenkel  |  Posted 08-31-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    The 1% Who Put the Entire Organization at Risk
    Next

    The 1% Who Put the Entire Organization at Risk

    A new study investigates the ways a small number of employees can unwittingly, for the most part, jeopardize the security integrity of an organization.
  • Previous
    The Power of One Percent
    Next

    The Power of One Percent

    1% of users are responsible for 57% of file ownership, 81% of files shared, 73% of excessively exposed files, and 62% of app installations.
  • Previous
    Who Can Take You Down
    Next

    Who Can Take You Down

    The composition of the 1% of users includes super-privileged users, software architects and machine-based identities that grant access privileges and archival data.
  • Previous
    Data Ownership in the Cloud
    Next

    Data Ownership in the Cloud

    Digital assets in the cloud are owned disproportionately; the top 1% of users own 57% of these assets in the top 5% are responsible for 81% of these assets.
  • Previous
    Distribution of Cloud Cybersecurity Risk
    Next

    Distribution of Cloud Cybersecurity Risk

    Here's the breakout of risk, calculated as a function of users' volume of usage, potentially risky behaviors and violations of corporate security policy: Top 1% of users create 75% of risk, Top 5% of users create 90% of risk, Remaining 95% of users account for 10% of risk
  • Previous
    Exposure-Induced Risky Distribution
    Next

    Exposure-Induced Risky Distribution

    The majority of company assets exposed to everyone in the company and the public are created by just 5% of all users. In some cases users are malicious, but most are unaware that they are over-sharing company assets.
  • Previous
    The Inheritance Rule
    Next

    The Inheritance Rule

    Documents become public unintentionally by "inheritance:" A drag and drop into a public folder, A collaborator makes their folder public without informing the rest of the team, A compromised third-party application changes the access control list of assets
  • Previous
    Risk of Cloud Sharing/Collaboration Quantified
    Next

    Risk of Cloud Sharing/Collaboration Quantified

    70% of cloud-based sharing occurs with personal, non-corporate domains, signaling significant personal email stockpiling.
  • Previous
    The Apps Risk Factor
    Next

    The Apps Risk Factor

    Third-party applications exchange data with other cloud apps, including corporate, sanctioned applications. They often allow editing, deleting, and copying and externalize information. Cyber criminals frequently target these apps as entry points into the organization.
  • Previous
    Third-Party Cloud Apps
    Next

    Third-Party Cloud Apps

    1% of users are responsible for 62% of app installations. There are 91,000 unique third-party applications. On average, organizations have 540 unique third-party cloud applications, up from 130 in 2014.
  • Previous
    Recommendations
    Next

    Recommendations

    Consider these risk remediation strategies: Focus on the riskiest subset of users, Focus security on organizations with which you collaborate the most, When checking third-party applications, check enforcement capabilities, policy-driven app control and end-user education, Correlate insight across cloud environments
 

Cyber-security risk is highly concentrated in the cloud, according to a new study, with 1% of users responsible for 75% of the risk. Furthermore, cyber-criminals continue to focus on what is widely considered the weakest link in the security chain: the user, the report revealed. The findings come from CloudLock, which combines U.S. and Israeli military intelligence with real-time, crowd-sourced cloud security insight. The study, "Q3 Cloud Security Report: The 1% Who Can Take down Your Organization," is based on CloudLock's analysis of 1 billion files per day of 10 million users. There were 91,000 unique apps and 2.8 million installs. "Cyber-attacks today target your users—not your infrastructure," said Gil Zimmermann, CEO and co-founder of CloudLock. "As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user. The best defense is to know what typical user behavior looks like—and, more importantly, what it doesn't."

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...