When I talk about colleague oversharers, I’m not talking about that one dreaded co-worker who tells you a little too much about their personal life over morning coffee. I’m actually referring to a different kind of oversharing – file oversharing.
As companies evolve to satisfy an increasingly mobile global workforce, file sharing has become pivotal to the smooth running of any organisation. Yet, while sharing documents at the click of a button is great for productivity, it’s also all too easy to put business information at risk.
File oversharing is a very real and serious issue. Symantec’s recent Cloud Security Threat Report shows a staggering 93% of global security leaders grapple with their employees oversharing cloud files containing sensitive company information, with on average 35% of files in the cloud being overshared. Add to that the fact that employees are often sharing these files via unrestricted access links, and we’re now looking at a whole host of additional questions around risky employee behaviour and the importance of educating employees about security.
Why does file oversharing matter?
Well, it’s quite simple. Around two-thirds of all security incidents now occur in the cloud, and the potential risk is only set to increase in the coming year. To compound the issue, a huge proportion of cloud apps are not managed by the IT or security function. Indeed, on average, security leaders at companies with over 250 employees believe their organisation uses 452 cloud apps while, in reality, Symantec data shows that figure is actually an average of 1,807 cloud apps per organisation.
What’s more, with cloud platforms such as Office 365, organisations are in fact putting unmanaged cloud file-sharing options into employees’ hands. This disconnect shows a critical need for security leaders to get a firmer grip on the cloud apps used within their organisations.
There is a fundamental issue around the maturity of cloud-based security models. Symantec found 65% of companies are not getting the basics right, such as multi-factor authentication (MFA) when configuring IaaS, and 80% admit to not using encryption. Not to mention the high-risk behaviour of their employees, who set weak passwords, use personal devices for work, and share single credentials.
The consequences are obvious and tangible: 68% of respondents said that they have seen either direct or likely evidence that their data was for sale on the dark web.
How can companies fix it?
First and foremost, organisations must set the right security foundations. Almost three-quarters of respondents call out immature security practices in their organisation, including the use of personal accounts and a lack of multi-factor authentication (MFA) or data loss prevention (DLP) services. These fundamentals must be established to allow companies to continually strengthen their security posture in the face of ever-growing threats.
Rolling automation and analytics services into security practices can also help identify and prioritise risky behaviours, identify malicious users, and escalate crucial security alerts. What’s more, implementing a Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) tools will give security professionals the visibility, data security and threat protection they need to enable their workforce to use cloud apps safely.
Artificial intelligence and machine learning have the potential to analyse massive amounts of telemetry data, a task that would be simply impossible for human analysts. By integrating a security platform that uses these technologies, organisations can not only reduce the analytical burden on their security teams but also accelerate analysis of targeted attacks, empowering businesses to direct limited resources to the most pressing problems.
Getting the workforce on board with security
Behaviour plays a huge part in cloud security. In fact, cloud incidents that result from employee behaviour, whether they be intentional, inadvertent, or through compromised credentials, are a major concern for half of all security professionals. Why? Well, the statistics speak for themselves: 42% of risky behaviour detected pointed to a potential cloud-account compromise, and respondents identified managing identity and authentication, phishing and accidental insider threats as the three highest threat categories emerging in the future.
Training programs and other initiatives are mission-critical in helping to change behaviour in the long term. Adopting a shared security model is key to changing culture and driving accountability within the organisation. With every user taking ownership of avoiding oversharing and adhering to company-wide policies on robust passwords and the use of MFA and encryption, companies can generate a cloud security-savvy workforce and bolster their security posture.
Organisations must invest in maturing their security models to keep pace with the rapid expansion of cloud and cloud apps. Implementing a robust security model that meets the demands of today’s mobile workforce is essential and is but a fraction of a business’s overall digital transformation investment.