Skip to main content

Unsanctioned collaboration tools threatening security

(Image credit: Image Credit: Montri Nipitvittaya / Shutterstock)

Insider threats are a huge problem for the cybersecurity posture of a business, and the ever growing use of unauthorised cloud-based sharing apps is only making the problem worse.

This is according to a new report from Code42, based on a poll of almost 5,000 knowledge workers at companies with more than 1,000 employees in the US, UK and Germany.

The report claims employees in such companies “routinely” use both apps that are authorised by the IT security department to share data, and those that are not.

Employees think authorised apps are too cumbersome, complicated, slow and restrictive and therefore lean on more convenient alternatives.

The most popular among authorised apps include email, Microsoft Sharepoint, OneDrive and Google Drive. But employees are also inclined to use WhatsApp, Google Drive (unauthorised in some organisations), Facebook and personal email.

The report states that almost four in ten (37 percent) workers use unauthorised apps daily, while a quarter (26 percent) use them weekly.

This makes the job easier for hackers and criminals looking to exfiltrate important data that was supposed to remain hidden.

Almost three quarters (73 percent) of employees reported having access to data they did not create, while more than two thirds (69 percent) said they could view data they did not contribute to. More than half could see data from other departments.

“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42 President and CEO.

“Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organisation is busy sharing.”

The full report can be found here.