2015 saw Barbie get hacked, “smart” homes turn against their owners and, most infamously, subscribers on the Ashley Madison website have their intimate secrets shared with the world.
As business IT evolves and transforms, there are more services to be managed than ever before, each with varied requirements for access privileges. With bring-your-own-device (BYOD), cloud computing, and mobile apps becoming standard office fare, the security difficulties have only become greater.
There’s a growing list of ways organizations are being shown to be vulnerable, but new research from CloudLock shows it’s a small percentage of users that are causing the greatest risk. “Seventy-five per cent of the security risk can be attributed to just one per cent of users,” says the report.
For technology leaders who understand significant risk lies with the user, the best defense is understanding user behaviour.
With collaboration a key to improved creativity and productivity, employers would like to believe most sharing happens in trusted networks. CloudLock’s research shows, however, that most cloud sharing occurs with non-corporate email addresses, usually beyond the control of security teams. These blind spots are creating vulnerability issues that grow as those people collaborate with external parties.
“The perimeter of your network is no longer where you think it is,” states the HPE 2016 Security Research Cyber Risk Report. Attackers have shifted their efforts away from direct attacks and toward attacks on applications. With a mobile device in everyone’s pocket, those devices are the new perimeter of your network.
Attackers are smart. Recognizing how interconnected this world has become, they have shifted to app attacks, using your most trusted employees as an easy conduit to sensitive data. To protect these privileged accounts, security practitioners must balance the risk of convenience and interconnectivity.
When it comes to storing sensitive information on devices, mobile applications have a different runtime environment than traditional desktop and enterprise server applications. On mobile, there’s heavy use of unique personally identifiable information, and features like screen and keyboard caching can store it on the device. The device also often contains both trusted and untrusted applications, creating a unique storage situation.
Ultimately, understanding what makes up the user behaviour of your top one per cent is crucial for security. Don’t let your top one per cent be the weakest link.
Join us for the webinar to learn more about major security breaches involving compromised trusted accounts in this overlooked area of exposure.