Average firm has more than nine insider threats a month

A large majority of organisations (89.6 per cent) experience at least one insider threat each month, a new report by Skyhigh Networks says.

The Q4 2015 report, entitled Cloud Adoption and Risk Report is derived from analysis of actual cloud usage across over 23 million employees.

Besides the monthly threats, the report says that 55.6 per cent of organisations experience unusual behaviour by privileged users, such as administrators accessing data they should not, each month

The average organisation experiences 9.3 insider threats each month.

Slightly more than half of all organisations experience account compromises each month, the report adds. Many business-critical cloud services support multi-factor authentication, and companies can reduce their exposure to account compromise by enabling this feature.

On average, organisations experience 5.1 incidents each month in which an unauthorised third party exploits stolen account credentials to gain access to corporate data stored in a cloud service.

In order to extfiltrate stolen data from on-premises systems of record, hackers are increasingly turning to public cloud services. The average organisation experiences 2.4 cloud-enabled data exfiltration events each month, with the average incident involving 410.0 MB of data.

The percentage of documents that are shared via file sharing services hit an all-time high in Q3 of 2015, which is both good and bad. Sharing is generally seen as a positive development, but carries many risks. With that in mind, the report says that 28.1 per cent of employees have uploaded a file containing sensitive data to the cloud, while the average organisation shares documents with 849 external domains via these services.

  • Of all documents stored in file sharing services, 37.2 per cent are shared with someone other than the document’s owner
  • 6% of shared documents are shared internally with select users
  • 9% of shared documents are shared with all employees within an organisation
  • 2% of shared documents are shared with business partners
  • 4% of shared documents are accessible by anyone with a link
  • 7% of shared documents are actually publicly accessible and indexed by Google

The report concludes by suggesting employees should reconsider how they name files, for the sake of safety. “It’s not uncommon for employees to use words like “bonus”, “budget” or “salary” in file names,” it says.

The average enterprise has:

  • 7,886 docs with “budget" in the file name
  • 6,097 docs with “salary" in the file name
  • 2,681 docs with “bonus” in the file name
  • 2,217 docs with “confidential” in the file name
  • 1,156 docs with “password” in the file name
  • 1,384 docs with “passport” in the file name
  • 248 docs with “confidential” in the file name
  • 156 docs with “press release” in the file name

To see the Q4 Cloud Adoption & Risk Report in full, head over here (PDF).