The hacker-in-the-hoodie or the anonymous ‘Guy Fawkes’ mask have both become symbols synonymous with data breaches. Each one supports the common perception that breaches happen when outsiders with malicious intent somehow evade prevention and detection controls and steal sensitive data.
While this may be true, we’ve seen consistently in the Notifiable Data Breach Reports issued quarterly by the Australian Information Commissioner (OAIC) that human error continues to account for almost one-third of all reported breaches.
Many of these breaches could have been avoided easily. In fact, the numbers that could be attributed to error are likely higher if we consider that external attackers are taking advantage of internal mistakes in order to gain access to data. Errors include system misconfigurations, the use of weak system passwords, or inappropriately stored or shared data within the cloud.
In addition to malicious insiders, these errors are often made by trusted users who make simple and avoidable mistakes. Cloud-based tools provide extensive financial, flexibility, and productivity benefits, but also make it easy to leak and share data with unauthorised parties when appropriate security solutions and practices are not deployed.
As such, windows and doors are being left open by players on the home team. Could overall cyber security be improved if more focus were given to insider threats?
Just like having a firewall for on-premises applications, storage and data, IT teams must be equipped with appropriate security tools that will allow them to utilise cloud services properly.
Unfortunately, some organisations believe mistakenly that cloud service providers like Microsoft, Amazon, Salesforce and others do everything required to ensure that corporate data is secure in the cloud.
Yet this is not the case. While cloud service providers must ensure that the underlying infrastructure and back-end processes behind their cloud offerings are inherently secure, it is up to organisations using the cloud to make sure they are doing so safely and are securing access to the data they store in cloud platforms.
This is known as the shared responsibility model of security. It means that cloud service providers are responsible for security of the cloud, while organisations using their services are responsible for security in the cloud. Ultimately, a great deal of responsibility falls to the enterprises using cloud services. As such, they must take steps to ensure they are truly protecting their data from threats, including malicious and careless insiders.
Unfortunately, many organisations move to the cloud without taking their responsibility seriously (or perhaps without even knowing about it). Improperly stored and shared data, as well as improperly configured cloud systems, may be rampant in an enterprise without the knowledge of its IT department. This is often because they are relying on tools that, while once comprehensive, are no longer adequate in cloud environments.
The traditional perimeter and endpoint tools used for cyber security don’t extend to the cloud because employees, data and applications have moved off premises, and because the devices used to access this data are no longer all managed devices. In other words, the moat and drawbridge may remain, but the castle and the people have moved.
Clearly, what’s required is a shift in the way that companies are approaching security – the focus must be on identity, data and cloud rather than on endpoints or network perimeters.
As such, organisations that have been utilising SaaS and IaaS tools are turning to cloud access security brokers (CASBs) to gain visibility and control over their data. CASBs can enable the safe and rapid adoption of cloud services with comprehensive data protection, threat protection, identity and access management and visibility. All of this is defined from a single dashboard and applied consistently across an organisation’s entire cloud footprint.
If an organisation stores data in the cloud, enables personal device access to data, and has users outside the firewall, reducing the risk of a data breach requires the IT department to maintain constant visibility and control wherever data goes. This is essential to protect sensitive information from external threats, to stop data leakage, and to help prevent users from making avoidable mistakes and poor choices – whether they are malicious or not.