Ask any IT professional who presents the biggest threat to the safety of their organisation’s cloud networks, and chances are their thoughts will turn to nefarious hackers or complex viruses. While those threats are real, cloud computing’s biggest weakness lies much closer to home.
According to the ICO, 93% of cloud data protection breaches occur as a result of some form of human error. An organisation’s staff are frequently its Achilles heel – and are often targeted as such too. A recent Verizon study confirmed this, reporting that 95% of targeted attacks used spear-phishing scams to target unthinking and unsafe employees.
What’s more, two thirds of cyberattacks since 2013 have incorporated phishing and mimicking schemes – including high-profile attacks at Anthem and Sony.
Despite this, just 60% of companies have systems in place that could detect when files are accessed using compromised credentials.
So how can IT protect against insider threats? It’s clear that an empowered and security-conscious workforce is essential to keep cloud networks safe. The solution lies in two separate areas: education and technology.
Education, education, education
According to Cisco, nearly half of all employees in the UK are ‘unconcerned’ by data security, with 39% regarding it as their company’s problem and not theirs. Furthermore, IS Decisions found that 52% of US and UK workers saw no security risk in sharing work logins. But it is these unthinking, uneducated employees that pose the greatest risk to data security.
It is in this laissez-faire security climate, made even more unsafe by workers sharing data over unsecure consumer-grade file sharing networks and social media platforms, that attackers are able to access sensitive information and login details.
Senior members of staff are a particular concern. These busy types tend to delegate more and often work under the assumption that the rules aren’t applicable to them, yet enjoy a greater scope of security privileges. It’s not hard to see why they are targeted by attackers.
Only when all elements of a company’s workforce are properly educated on data sharing best practice can risks begin to be kept at bay.
However, it doesn’t end there. Protecting against insider threats isn’t a purely cultural issue. It needs the technology too.
The birth of cloud technology and social sharing has led to huge advances in business efficiency and global information sharing. But it also puts sensitive information at risk. 20 years ago, before the cloud, a business could be confident that its data would be difficult to intercept unless it physically left the premises.
Today, employees can use all manner of social networks or file sharing platforms to communicate and send information – many of which won’t offer the requisite security credentials and so put an organisation’s safety at risk. In the 21st century, consumers – particularly tech-savvy individuals – will gravitate towards the platform that does the job best. That nearly always means the simplest and the fastest, not the safest.
The solution, then, is technology that enables employees and stakeholders to communicate about sensitive information on fully-encrypted cloud networks, without ever scrimping on usability. What’s more, usability is key from IT’s point of view – making it easier to understand user behaviours and detect abnormal account activity before it gets worse.
The most secure solutions arise when IT works with ‘normal’ employees and stakeholders in varying positions of influence to build a highly-usable, safe sharing eco-system that is built into a wider IT policy and complements their needs. Then the insider threat is kept at bay.
John Lynch is CEO of Maytech, a file-sharing platform that partners with IT departments across the world to make data sharing more secure, more efficient and more convenient. For more information about trends in online security, read John’s IT blog today.