Security Experts:

Small Percentage of Employees Responsible for Most Cloud Security Risk: Report

A report released on Wednesday by CloudLock reveals that one percent of employees in an enterprise are responsible for 75 percent of risk associated with cloud security.

The cloud security company’s report is based on the analysis of 10 million users, 1 billion files, and more than 91,000 applications across 1,800 organizations. CloudLock has calculated cloud cybersecurity risk based on users’ volume of usage, corporate security policy violations, and potentially risky behavior.

Using the cloud can help an organization significantly increase productivity because cloud solutions allow employees to easily create, access and distribute information. However, the cloud can also make a company more vulnerable to both external cyberattacks and unintentional data exposure.

Experts have determined that the top one percent of users in an organization are responsible for 57 percent of file ownership, 81 percent of file shares, 73 percent of excessively exposed files, and 62 percent of application installations. CloudLock has warned that security teams must keep a close eye on this small group of employees, which often includes users with super privileges, software architects, and automated accounts responsible for access privileges and data archiving.

CloudLock has found that the top 5 percent of users in an organization are responsible for 81 percent of digital assets, which makes this user group a tempting target for malicious actors. Overall, 90 percent of risk is attributed to these top 5 percent users.

In one case study described by CloudLock, a company in the travel sector was able to decrease risk by 62 percent in just one day after reaching out to its top users.

CloudLock has identified similar trends when it comes to sharing and collaboration. On average, organizations collaborate with 865 external parties, 25 of which account for 75 percent of cloud-based sharing. Worryingly, 70 percent of this sharing involves non-corporate email accounts that cannot be properly monitored by security teams.

In one case described in the report, a federal institution with over 5 million documents and 20,000 users discovered that its users were sharing files with 7,000 other organizations and domains. Only less than 30 percent of these entities were sanctioned federal institutions.

As far as apps are concerned, since the top one percent of users is responsible for 62 percent of cloud application installations, this small user base introduces a high volume of risk, CloudLock said. Furthermore, 52,000 app installations have been attributed to highly privileged users, which significantly increases risk considering that such accounts are highly targeted in cyberattacks.

"Cyber attacks today target your users -- not your infrastructure. As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user," CloudLock CEO and co-founder Gil Zimmermann commented on the study. "The best defense is to know what typical user behavior looks like -- and, more importantly, what it doesn't."

CloudLock’s complete Cloud Cybersecurity Report for Q3 2015 is available for download in PDF format.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.