News Feature | November 17, 2015

What IT Solutions Providers Need To Know About Their Clients' Security Risk

Christine Kern

By Christine Kern, contributing writer

What IT Solutions Providers Need To Know About Their Clients’ Security Risk

Skyhigh Networks has released its latest quarterly Cloud Adoption and Risk Report, which found that the average enterprise faces more than 16 insider threats, exploited account credentials, and data exfiltration incidents per month. The report demonstrates how user behaviors make companies vulnerable and how identification and management of this behavior can serve as the proverbial “canary in the coal mine” that enables reduction of data loss risks.

The Q4 2015 report found more than three-quarters (76.3 percent) of all organizations experience at least one incident of a comprised account monthly. The study also determined 89.6 percent of organizations face at least one insider threat per month, an increase from 85 percent for Q4 2014. And over half of organizations reported that they experience unusual behavior by privileged users each month. This includes actions such as administrators accessing data they should not. The report also states 28.1 percent of employees have uploaded a file containing sensitive data to the cloud.

Compromised accounts are also a danger for enterprises. Just over half of all organizations experience account compromises each month, and organizations on average each month face 5.1 incidents of an unauthorized third party attempting to gain access to corporate data in the cloud using stolen account credentials.

In addition, the study found hackers are increasingly leveraging public cloud servers to exfiltrate stolen data from on-premises systems of record, with the average organization experiencing 2.4 cloud-enabled data exfiltration events each month , and the average incident involving some 410.0 MB of data.

Another interesting finding of the study is that file names could make a significant difference in the level of risk. Since cybercriminals are looking for documents containing budget, salary, or personal Social Security information in order to disrupt company operations or use the information for financial gain, employee files that use financial keywords (think “bonus,” “budget,” “salary,”) are more likely to be targeted.

And Skyhigh found that the percentage of documents shared via file sharing services were at an all-time high during Q3 2015, meaning that the risk of data compromise is also at its highest. The study found that the average organization shares documents with 849 external domains through these services. And of all documents stored in file sharing services, 37.2 percent are shared with someone other than the document’s owner.