Between the Yahoo Breach, the Bangladesh Bank heist, the Panama Papers and Dropbox password leaks, the past year has seen its fair share of major data breaches. These breaches have brought a harsh reality to light for IT: everybody and anybody is a target. With cloud adoption growing rapidly among enterprises, the possibility of a breach has become top of mind for the C-suite.
According to a recent study conducted by the Ponemon Institute, almost 90 percent of businesses believe an increase in cloud usage will increase the probability of a data breach. As cyber criminals continue to develop complex methods to infiltrate organizations, corporate leaders need to be able to adapt and adopt more proactive deterrence strategies.
Netskope research shows that organizations use an average of 1,031 cloud services, but 94.8 percent of those services are not enterprise ready, and less than five percent are approved by IT. With lack of visibility into the cloud and enterprise-readiness in cloud services, today’s cloud environments have become hotbeds for security threats, from insider threats and compromised credentials to malware and ransomware.
The people problem — Insider threats
While cloud services are both convenient and efficient, the more cloud service and mobile usage grows, so too does the risk of insider threats. Nearly half of companies who experienced a data breach in the last year say it was the user who exposed data intentionally or accidentally from a cloud service, according to the Ponemon study.
As cloud adoption has grown, IT leaders have accepted that employees will sync, share, save and upload sensitive data to the cloud. As this occurs, the risk of an insider threat (whether intentional or malicious) grows. Yet, most organizations have work to do -- according to the 2016 Insider Threat Spotlight Report, 58 percent do not have formal policies in place to prevent insider threats. The challenge most organizations face is finding the balance between empowering employees to access and use cloud services and protecting against the risk of data loss.
At the end of the day, organizations must address this “people problem,” including the fact that many cloud service-based insider threats can be unintentional. Take the LinkedIn breach, in which more than 100 million credentials were leaked. More often than not, employees reuse passwords across multiple cloud services, so after an event like the LinkedIn breach all of their accounts become vulnerable once the information gets into the wrong hands.
To address this issue, IT can adopt a policy that flags alerts when compromised credentials have been used to access a cloud service, in order to ensure employees who have reused passwords are not able to download sensitive data. They can also coach their users to reset their passwords to ensure they are able to continue using the cloud service.
The virtual vice - Malware in the cloud
The Ponemon study also revealed that malware is a significant source of data exposure, with 39 percent of organizations finding malware in the cloud. However, 60 percent of organizations don’t inspect the cloud for malware, meaning this number is actually much higher. In fact, 34 percent of enterprises have malware but don’t know it. In the case of the high-profile Bangladesh Bank attack, custom malware helped hackers cover their tracks, so there was no record that fraudulent transactions even happened.
Malware can infect an entire enterprise in minutes. As employees sync or share through their cloud services, infected files spread to other users, quickly spreading across the entire organization. This is known as the cloud malware fan-out effect, and with 56 percent of malware-infected files in cloud services shared with other users, it’s becoming a harsh new reality for IT. Organizations must take preventative measures by scanning the cloud for malware in order to quickly remediate any potential infections.
A different approach
Current breach prevention methods aren’t working, and businesses need to take a different approach to stop attacks. So how can they ensure that the next big data breach isn’t theirs?
One of the biggest roadblocks is lack of visibility into the cloud. Though nearly 1,000 cloud services are in use in organizations, IT often underestimates this number by a factor of 10. This is a problem: without visibility into the use of cloud services, IT cannot be alerted to suspicious activity and potential threats.
It is crucial that IT adopt and enforce policies to gain better visibility into the cloud, including those that monitor for out-of-the-norm behaviors and unusual file upload activity. Though it is nearly impossible for IT to have administrative control of every cloud service in a given environment, these policies help detect abnormal events in the cloud, and can ensure organizations remain a step ahead.
As the use of the cloud grows the severity of data breaches rises. This year’s breaches have proven that organizations should never think they are exempt from a breach. Rather, they should accept a “when,” not “if,” mentality, and have policies in place to detect and prevent sensitive data from falling into the wrong hands.