The 1% Who Put the Entire Organization at Risk

The 1% Who Put the Entire Organization at Risk

The 1% Who Put the Entire Organization at RiskThe 1% Who Put the Entire Organization at Risk

A new study investigates the ways a small number of employees can unwittingly, for the most part, jeopardize the security integrity of an organization.

The Power of One PercentThe Power of One Percent

1% of users are responsible for 57% of file ownership, 81% of files shared, 73% of excessively exposed files, and 62% of app installations.

Who Can Take You DownWho Can Take You Down

The composition of the 1% of users includes super-privileged users, software architects and machine-based identities that grant access privileges and archival data.

Data Ownership in the CloudData Ownership in the Cloud

Digital assets in the cloud are owned disproportionately; the top 1% of users own 57% of these assets in the top 5% are responsible for 81% of these assets.

Distribution of Cloud Cybersecurity RiskDistribution of Cloud Cybersecurity Risk

Here’s the breakout of risk, calculated as a function of users’ volume of usage, potentially risky behaviors and violations of corporate security policy: Top 1% of users create 75% of risk, Top 5% of users create 90% of risk, Remaining 95% of users account for 10% of risk

Exposure-Induced Risky DistributionExposure-Induced Risky Distribution

The majority of company assets exposed to everyone in the company and the public are created by just 5% of all users. In some cases users are malicious, but most are unaware that they are over-sharing company assets.

The Inheritance RuleThe Inheritance Rule

Documents become public unintentionally by “inheritance:” A drag and drop into a public folder, A collaborator makes their folder public without informing the rest of the team, A compromised third-party application changes the access control list of assets

Risk of Cloud Sharing/Collaboration QuantifiedRisk of Cloud Sharing/Collaboration Quantified

70% of cloud-based sharing occurs with personal, non-corporate domains, signaling significant personal email stockpiling.

The Apps Risk FactorThe Apps Risk Factor

Third-party applications exchange data with other cloud apps, including corporate, sanctioned applications. They often allow editing, deleting, and copying and externalize information. Cyber criminals frequently target these apps as entry points into the organization.

Third-Party Cloud AppsThird-Party Cloud Apps

1% of users are responsible for 62% of app installations. There are 91,000 unique third-party applications. On average, organizations have 540 unique third-party cloud applications, up from 130 in 2014.


Consider these risk remediation strategies: Focus on the riskiest subset of users, Focus security on organizations with which you collaborate the most, When checking third-party applications, check enforcement capabilities, policy-driven app control and end-user education, Correlate insight across cloud environments

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Latest Articles