The concept of the 1%, in economic terms, usually refers to wealth inequality; however, a recent report from CloudLock shows that in cloud environments, 75% of the security risk can be attributed to just 1% of users.
This instance, of course, has more in common with the Pareto principle, whereby approximately 80% of the effects come from 20% of the causes, than anything else. Yet the report analyses a trend familiar to the readers of this publication; a key security risk when moving data to the cloud is not so much hackers, but employees and users.
The report, which analysed 10 million users, one billion files and more than 91,000 applications, found a high concentration of app users – 1% of users represent 62% of all app installs in the cloud. Additionally, if 1% of users represent 75% of the risk, 95% of users only represent 10% of the risk. The research also found that 52,000 instances of applications were installed by highly privileged users – a number the organisation claims to be zero given privileged accounts are coveted by cybercriminals.
This is the key point of the paper; CloudLock argues users are the weak point – but it is malicious actors who expand the issue. “While there has always been a risk associated with unintentional, user-induced risk exposure in the cloud, cybercriminals exacerbate concerns as they look to exploit users, often by employing increasingly clever spear phishing tactics to compromise credentials and gain access to corporate environments,” the report notes.
The report gives an example of an unnamed Silicon Valley company with a cloud deployment of 29 million files and 16,000 users. The top 1% of users owned 66% of the files, while 77% of the 800,000 instances of files being exposed outside of the organisation could be traced back to the top 100 users.
According to CloudLock CEO and co-founder Gil Zimmermann, risk can be reduced by involving the most active users in the security process; one client decreased risk of public exposures by 62% in just one day after following these steps. “Cyber attacks today target your users, not your infrastructure,” Zimmermann said. “As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user.
“The best defence is to know what typical user behaviour looks like – and, more importantly, what it doesn’t,” he added.