Organizations Not Working to Defend Shadow IT Are in Danger of Data Loss and Regulatory Violations
Shadow IT continues to grow, while senior management remains in denial. The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services. Within this cloud, 20% of all stored data is at risk from being ‘broadly shared’.
The figures come from 1H 2017 Shadow Data Report (PDF), based on aggregated and anonymized data from 22,000 cloud apps and services, 465 million documents, and 2.3 billion emails used by Symantec’s CloudSOC (CASB) customers.
CloudSOC was acquired by Symantec when it bought Blue Coat Systems for $4.65 billion in June 2016. Symantec defines ‘broadly shared’ as “documents that are widely shared with employees within the organization, documents that have been shared externally with specific individuals such as contractors and partners, and documents shared to the public.” Put briefly, they have a high risk of exposure.
Of that 20% of broadly shared data, 2% specifically contain compliance-related data such as personally identifiable information (PII), payment card industry information (PCI) and protected health information (PHI). This means that CloudSOC customers over-shared 93 million documents. Of these, 2% (1.86 million) contained PCI; 19% (17.67 million) contained PII; and 79% (73.47 million) contained PHI; all of which potentially put the organization in breach of a range of regulatory requirements.
The figures are even worse for emails. Twenty-nine percent of the 2.3 billion emails analyzed are broadly shared and at risk of leakage. Nine percent of these contain compliance-related data: 64% contain PII, 9% contain PHI, and 27% contain PCI. To put these figures in context, Symantec found 207 million at risk emails. Within these, it found 132.48 million emails containing PII data.
Cloud apps are a popular target for hackers, and Symantec’s research evaluated the incidence of users’ high risk actions in the cloud. The biggest threat is the loss of data, and the researchers found that 71% of the detected high risk behaviors indicated attempts to exfiltrate data. Seventeen percent indicated attempted brute force attacks; 6% indicated attempts to destroy data; and 6% indicated attempts to hack into user cloud accounts.
The researchers mapped the high risk behaviors to the users’ organizations. It found that an astonishing 14% of companies have 50% or more of their employees demonstrating high risk behavior within the cloud apps and services. On the plus side, 53% of their customers have zero high risk employees — indicating that some organizations are doing a good job with their user awareness training, while others have a distance to go.
It is important to remember that these figures come from customers of Symantec’s CloudSOC CASB. They are already making efforts to protect their cloud-based data. We don’t know if similar figures would be replicated by other CASB users — but one thing is clear. Any organization that is not specifically trying to defend its Shadow IT is in serious danger of data loss and regulatory violations.
Related: Symantec Enhances Endpoint Protection Capabilities
Related: Stealthy Attack Could Hit 50 Percent of Large Office 365 Customers
Related: Cloud Governance Fails Could Trigger Privacy Compliance Issues
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
