The Top 6 Cloud Insider Threats You Need to Worry About

November 22, 2016

Insider threats and the misuse of data stored in the cloud has long been a concern for agency and IT leaders. But what remains clear, according to a new survey by the Cloud Security Alliance (CSA), is that there is clear lack of procedure for dealing with these instances in cloud computing.

The survey posed some challenging questions to respondents in government, healthcare, education, and business sectors, many of which they struggled to answer. It also shows a stark divide between the reality of insider threats and perception.

Below are just some of the highlights of the top insider threats that should be top of mind and strategies you can take to close the gap:

1. Insiders are Exfiltrating Data (Inadvertently or Maliciously) in a Variety of Ways – When asked what data exfiltration mechanisms they believe to be most common, respondents pointed to email and thumb drives, while social media ranked low. Yet, research paints a different picture. In fact, data that has been inadvertently or malicious exposed or sold is more commonly available on the open or dark web (areas of the web not indexed by search engines where stolen data can be traded).

2. Data Exfiltration Formats are Varied – Survey respondents believe that email is the most common way to exfiltrate data, and many of today’s solutions focus on email (malware/spam/phishing prevention), but the proliferation of cloud storage and file sharing sites also provide an opportunity for hackers to move data out of an organization – in bulk!

3. Expunging Data After It’s Been Leaked is an Unknown Quantity – 44% of those surveyed were unsure about whether it’s possible to erase data after its been placed on an illicit site and 83% skipped the question about how many days it could take to recover or expunge exfiltrated information. CSA concludes that much more research is needed plus new data erasure techniques must be developed.

4. Accidental Leaks are a Bigger Problem than Malicious Ones – When asked if insiders who have been involved in data exfiltration had malicious intent, only 19% agreed, suggesting that malicious motives are rare. This something CSA is beginning to see across the industry.

5. A Lack of Tools and Training Prevail – Nearly 80% agreed that a lack of training and awareness contributes to a lack of detection of insider data exfiltration, while 75% feel that there is a lack of toolsets to deal with the problem.

6. Existing Toolsets May Not be Working – Given the spend on data protection and security controls, a whopping 60% skipped the question: “how do you know if your toolsets are working?” Despite investments, this is a frightening find.

In the face of these threats and concerns, the Cloud Security Alliance recommends a three-step approach to proactive data security:

1. Encrypt Mission-Critical and Sensitive Data When It’s Created – This will ensure that, should your data fall into the wrong hands, it becomes harder to expose.

2. Leverage Behavioral Analytics and Big Data Threat Intelligence – To better identify malicious activity and security policy violations.

3. Monitor the Open, Deep, Dark Web – Monitor for your sensitive data. If exfiltration occurs you’ll be in the know as soon as possible and can take steps to mitigate the impact.

Check out the full report here.