In this article
  • Insider threats and their impact on businesses
  • Assigning a $ cost to the data breaches by insiders
  • Types of insider threats today
  • Why would our employees be a risk to our organization?
  • How SysCloud protects your organization from insider threats
  • Free threat report
  • References/sources

Insider Threats: A Guide to Your Cloud Apps Security

28 Apr 2021
|
7 min read
|
Vijay Krishna

Cloud Applications like Google Apps, Salesforce, Box, and Microsoft Office 365 are making productivity and collaboration easier and more effective without the need for big upfront investments in infrastructure and resources. Furthermore, these Cloud Apps are highly secure and have multiple levels of redundancy which are always on and safe. For organizations using Cloud Apps, the only threats remaining are from insiders, i.e., their own users. Why? There are two main reasons:

  • Attackers do not get in by penetrating or breaking down network firewalls but via weak or trusting employees, e.g. through phishing.

  • Some employees (users) may indulge in activities which are damaging to the organization.

Insider threats and their impact on businesses

Data breaches, when reported in the media, cause irreparable damage to the business involved in terms of reputation and customers' trust. Additionally, legal obligations may mandate public disclosure of such a leak. Furthermore, the breached data may be sensitive in nature, such as PII, login credentials, IP or health records. This exposure of key customer and business data puts both parties at risk. All businesses are heavily invested in perimeter security tools for IDS, network monitoring, DLP, etc. and have dedicated personnel to monitor them; however, in many cases, they ignore the insider threat. A report by Intel Security titled “Grand Theft Data: Data Exfiltration Study: Actors, tactics, and detection” [2] mentions that data exfiltration is a clear danger to many organizations. The report mentions that insiders were responsible for about 43% of data loss, regardless of whether it was deliberate or accidental. In the Verizon 2016 data breach investigation report [1], there were a total of 10,489 incidents. The report mentions that “Retail Industry had 370 breaches of which 109 were from small businesses (less than 1000 employees) and 23 Medium and 238 Unknown.” According to the report, insider and privilege misuse accounted for more than 15% of all incidents, and internal threat actors accounted for 77% within this category.

Assigning a $ cost to the data breaches by insiders

The average cost of a lost or stolen record is hundreds to thousands of dollars given the cost of customer acquisition. These numbers are constant across all industries. So, if you had a small database of ten thousand sensitive records, it would cost you millions of dollars per breach. Hackers and insiders cause a significant percentage of all breaches. It is better to pay the soft cost of protection in thousands of dollars than the hard cost in millions after a breach.

Types of insider threats today

 The various insider threats are given below:

  • Data exfiltration: An authorized employee taking valuable data out of the organization’s cloud apps with malicious intent (IP, PII thief).

  • Malicious users: Disgruntled employees who delete, overwrite, expose and steal valuable data with mala fide intent (saboteur, media leaker, activist).

  • Compromised accounts: Detect accounts broken into by hackers and stop attacks in their tracks (negligent employee).

  • Cloud malware: Discover, monitor and control third-party apps installed by users in the Google Apps platform.

  • Ransomware: Recover from ransomware data damage by easily restoring data from our backups.

  • Compliance: Ready-to-use templates for PCI, HIPAA, FERPA, SOX, CIPA with hundreds of controls and workflows. Full compliance law audit reports and intelligent dashboards.

  • Phishing: Fraudulent emails sent by attackers posing as reputed, trustworthy organizations with the malicious intention of obtaining personally identifiable information (PII) and account credentials. Some insiders may be duped by this and give out the sensitive information.

Why would our employees be a risk to our organization?

Employees of organizations are hired, trained and do assigned work in a safe and productive environment. However, there are situations in most organizations at some point when certain insider threats arise due to the following types of employees:

  • Malicious users: Employees who delete, overwrite, expose and steal valuable data with mala fide intent.

  • Negligent IT team member: Does not enable and use multi-factor authentication. Had a strong password, but it was broken into because a similar password was used at another site that was hacked. The attacker has broken into the privileged admin accounts. This is the worst nightmare scenario for any organization, and they are not even aware of it.

  • Gullible executive: Phishing attack scenario: an executive working in the Finance / Purchase Dept. responds to fraudulent emails sent by attackers posing as existing suppliers or as their own CEO, and gives away bank account related information because he thinks the request is genuine and from a trusted source.

  • Privileged user: Data exfiltration: an authorized employee with valid credentials and privileges exports data from the cloud apps with malicious intent.

  • Press news leaker: Disillusioned with your organization for any reason, including recent downsizing or cost-cutting measures, or with management in terms of strategic direction, product positioning, market focus, customer service, layoffs, etc., and is now in contact with the media to tell the story and reveal confidential and intellectual property roadmap secrets.

  • Careless employees: Installing cloud apps from the Google Apps Marketplace developed by unknown companies introduces malware into the organization’s Google Drive and causes damage until the IT team discovers and removes the malware.

Another scenario: an employee installs apps that contain malware, leading to a subsequent ransomware attack in which the Google Drive contents are encrypted by attackers demanding a ransom.

How SysCloud protects your organization from insider threats

Our software scans Cloud Apps (Google Apps including Gmail, Hangouts, Drive and Salesforce, Box, etc.) data and user behavior, looking for various factors including:

  • Sensitive data (based on customer business specialization)

  • User Behavior including:
  • Shared externally
  • Shared externally count
  • Heavy downloads
  • Abnormal deletes
  • Abnormal exports
  • Time of day of activities
  • IP address
  • Location
  • Simultaneous login
  • Heavy ACL (access control list) change activity
  • URL links inside emails or documents
  • Role of a user in an organization
  • Contextual data analysis

Using the above factors:

1. SysCloud uses data analytics and machine learning algorithms to detect various threats like malicious insiders, data exfiltration, compromised accounts, compliance, etc.

2. SysCloud policy engine automatically protects you from threats

3. SysCloud alert, incident response, and exception management software allows you to be on top with ease
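The following is an added example, not SysCloud's code or algorithm: a rule-based sketch of how four of the factors listed above (heavy downloads, shared externally count, time of day, simultaneous login) can be evaluated over cloud-app audit events. The event tuple layout, thresholds, function names and sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (illustrative; tune against your own baseline).
MAX_DOWNLOADS_PER_HOUR = 20
MAX_EXTERNAL_SHARES = 3
WORK_HOURS = range(7, 20)              # 07:00-19:59 local time
LOGIN_WINDOW = timedelta(minutes=10)

def detect(events, org_domain):
    """Return {user: set of findings} from (user, action, iso_ts, ip, target) tuples."""
    findings = defaultdict(set)
    downloads = Counter()              # (user, hour bucket) -> download count
    ext_shares = Counter()             # user -> shares to addresses outside org_domain
    last_login = {}                    # user -> (time, ip) of the previous login
    for user, action, ts, ip, target in sorted(events, key=lambda e: e[2]):
        t = datetime.fromisoformat(ts)
        if t.hour not in WORK_HOURS and action in ("download", "delete", "export"):
            findings[user].add("off_hours_activity")
        if action == "download":
            bucket = (user, t.replace(minute=0, second=0))
            downloads[bucket] += 1
            if downloads[bucket] > MAX_DOWNLOADS_PER_HOUR:
                findings[user].add("heavy_downloads")
        elif action == "share" and not target.endswith("@" + org_domain):
            ext_shares[user] += 1
            if ext_shares[user] > MAX_EXTERNAL_SHARES:
                findings[user].add("external_share_count")
        elif action == "login":
            # Two IPs in a short window can be benign (VPN, mobile); treat as a lead.
            prev = last_login.get(user)
            if prev and ip != prev[1] and t - prev[0] <= LOGIN_WINDOW:
                findings[user].add("simultaneous_login")
            last_login[user] = (t, ip)
    return dict(findings)

def sample_events():
    """Constructed events: bob bulk-downloads at 02:00 and over-shares; carol has two IPs."""
    ev = [("alice", "login", "2021-04-26T09:00:00", "198.51.100.7", ""),
          ("alice", "download", "2021-04-26T09:05:00", "198.51.100.7", "plan.docx"),
          ("carol", "login", "2021-04-26T11:00:00", "198.51.100.9", ""),
          ("carol", "login", "2021-04-26T11:04:00", "203.0.113.50", "")]
    ev += [("bob", "download", f"2021-04-26T02:{m:02d}:00", "198.51.100.8", f"file{m}")
           for m in range(25)]
    ev += [("bob", "share", f"2021-04-26T14:0{i}:00", "198.51.100.8", f"x{i}@example.net")
           for i in range(4)]
    return ev

if __name__ == "__main__":
    print(detect(sample_events(), "example.com"))
```

Fixed thresholds like these are only a starting point; per-user or per-role baselines reduce false positives for staff whose normal work involves bulk downloads or external sharing.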

Free threat report

Install the SysCloud threat detection App from the Google Apps marketplace. This will scan and give you a free threat report. This report details specific threats using our analytics engine aided by machine learning. The report contains threat cards which provide risk insights into your organization’s cloud Apps data, users and Apps. Each card provides an insight specific to your industry, which can be further drilled down. Every card will also allow the IT team to take various actions specific to their business to mitigate the risk detailed in the card.

References/sources

1. Verizon, 2016 Data Breach Investigation Report: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

2. Intel Security, Grand Theft Data: Data exfiltration study: Actors, tactics, and detection: http://www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf

About SysCloud Founded in 2010, SysCloud is a Google for Work Premier Partner. SysCloud detects and stops insider threats across cloud apps, which can damage an organization and its brand. The platform is currently used by over 1,500,000 users from 32 countries around the world. SysCloud has offices in California, New Jersey, and India. For more information please contact us at sales@syscloud.com or visit us at www.syscloud.com
