Despite ever-stricter regulations, businesses across the world are increasingly exposing company data by irresponsibly using unsecured public cloud services and applications, new research shows.
Public clouds are notoriously ill-suited to keeping intellectual property secure, but companies everywhere use them nonetheless. Convenience, reduced costs and user friendliness play an important role in the adoption of services like Dropbox, Google Drive, and even the more business-oriented SharePoint. But when it comes to security in the business sector, these services leave a lot to be desired – especially when users are poorly trained in cybersecurity matters. Worse still, rogue employees pose an even bigger risk for businesses relying on public clouds.
Case in point: 98% of assessments made by Dtex Systems for its 2019 Insider Threat Intelligence Report discovered sensitive and confidential information exposed and available online and in the cloud, primarily in Dropbox, Google G Suite and Microsoft Office 365. These findings marked an increase from 78% last year.
Researchers analyzed information from work-issued endpoints across more than 300,000 user accounts in North America, EMEA and the Asia Pacific Region. 100% of assessments detected sensitive and confidential data transfers taking place via USB drives, personal email accounts and cloud applications, an increase from 90% in 2018.
97% of assessments detected employees whom researchers described as “flight risks,” a class of insider threat that often steals data and IP. The risk has risen sharply from 38% in 2018. Other negative trends included employees attempting to bypass or circumvent security controls via anonymous browsing (VPN and Tor usage), and even employees engaged in high-risk internet surfing (pornography, gaming and gambling).
Dtex’s is not the only research to uncover such risky conduct at businesses across the globe. According to a study by security awareness training firm KnowBe4, 92% of organizations rank users as their primary security concern. This is despite their making security awareness training a top priority among the security initiatives that such organizations need to implement.