Skip to main content

Unsanctioned collaboration tools threatening security

(Image credit: Image Credit: Montri Nipitvittaya / Shutterstock)

Insider threats are a huge problem for the cybersecurity posture of a business, and the ever growing use of unauthorised cloud-based sharing apps (opens in new tab) is only making the problem worse.

This is according to a new report from Code42, based on a poll of almost 5,000 knowledge workers at companies with more than 1,000 employees in the US, UK and Germany.

The report claims employees in such companies “routinely” use both apps that are authorised by the IT security department to share data, and those that are not.

Employees think authorised apps are too cumbersome, complicated, slow and restrictive and therefore lean on more convenient alternatives.

The most popular among authorised apps include email, Microsoft Sharepoint, OneDrive and Google Drive. But employees are also inclined to use WhatsApp, Google Drive (unauthorised in some organisations), Facebook and personal email.

The report states that almost four in ten (37 percent) workers use unauthorised apps daily, while a quarter (26 percent) use them weekly.

This makes the job easier for hackers and criminals looking to exfiltrate important data that was supposed to remain hidden.

Almost three quarters (73 percent) of employees reported having access to data they did not create, while more than two thirds (69 percent) said they could view data they did not contribute to. More than half could see data from other departments.

“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42 President and CEO.

“Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organisation is busy sharing.”

The full report can be found here (opens in new tab).

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.