A new report reveals that the growing use of cloud data makes insider security threats more difficult to detect and prevent. Insider security threats affect more than 34% of businesses and have increased by 47% over the past two years as many industries move to cloud storage.
Most insider security threats come from negligence. Only about one-third of insider threats come from malicious or disgruntled employees or contractors looking to do damage. The other two-thirds of threats are due to users disobeying security rules for convenience or human error. These users may store confidential data on personal devices or share passwords to make their job easier. Negligent users may also share data with a criminal in a phishing attack.
Malicious insider threats include former employees who steal data during their offboarding process or current employees working with third-party organizations seeking to harm the company.
Storing business data in the cloud introduces new insider security threats that may not have been an issue on physical servers. Many businesses are adding cloud storage without an understanding of segmentation, monitoring, and access controls.
Education is the first line of defense against insider security threats. Businesses should have clear guidelines on personal device use, including USB drives, and those policies should be communicated regularly to employees. A large percentage of insider data breaches occur from an employee trying to make their job easier, so it’s essential to communicate how confidential and privileged data should be used.
Next, users should only have access to the data they need to perform their job. The Principle of Least Privilege is still important in cloud data management and is an aspect of security that’s being overlooked in the transition online. Businesses can also implement tools that restrict the copying and transferring of data, so users can access assets to do their job but cannot move them.
Lastly, pay attention to third-party vendors. Often vendors are granted access to cloud data, which may not have the same security policies in place as the original organization. Additionally, the data transfer method to the third party is another avenue for a breach.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.