Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

3/21/2019
02:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats

Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.

The pressure of increasing software-as-a-service (SaaS) deployments in the enterprise and the complexity of administering accounts across a varied cloud environment is ratcheting up the risk of insider threats. A new study out this week shows IT and cybersecurity professionals are struggling to stem the tide of negligent and malicious insider incidents in this era of pervasive cloud sharing, even when they use common security tools like cloud access security brokers (CASBs).

And while maintaining privacy of customers' personally identifiable information still remains a concern, the greater bulk of cloud-based insider risk revolves around business-critical data. So says the "2019 State of Insider Threats in the Digital Workplace" report, released Wednesday by BetterCloud, which shows almost half of IT leaders believe the rise of SaaS makes them most vulnerable to insider threats today. 

Based on a survey of approximately 500 IT and cybersecurity professionals, along with internal security data at more than 2,000 organizations, the report finds 92% of organizations with more than a quarter of their mission-critical apps in the cloud feel vulnerable to insider threats. Of those SaaS vectors that open them up to insider issues, respondents overwhelmingly name cloud storage and email as the biggest challenges — 75% report these to be the breeding ground of the biggest insider threat risks.

Some of the biggest challenges organizations face when it comes to securing data and applications in SaaS ecosystem is the sheer volume and dynamic nature of applications and account connections in play. Another recent report, the "2019 Annual SaaS Trends Report," by Blissfully, examines SaaS trends across nearly 1,000 companies and finds overall SaaS spending increased by 78% last year.  

At this point, companies now spend more on SaaS than they do on equipping employees with laptops. But, unlike laptops, SaaS vendors can be switched out with very little friction, which means the makeup of any given company's SaaS stack is always in flux. The typical midsize company has seen 39% of its SaaS stack change in the last year, according to the SaaS report. What's more, for every new SaaS app added or changed in an organization's ecosystem, the headache around managing account connections multiplies.

Take the typical organization with 200 to 501 employees. This kind of company uses an average of 123 SaaS apps, according to Blissfully. It sounds manageable, but across those the typical company of that size must keep tabs on an average of 2,700 app-to-person connections. That doesn't even account for the app-to-app connections that start to come into play when SaaS apps are integrated through APIs. 

This pervasiveness and complexity is why so many larger organizations still struggle so mightily to take control over how users interact with and share data in SaaS apps today. After all, SaaS security is hardly a new topic — security strategists have been warning about data security in SaaS for a decade now. While the rise of the CASB has helped many organizations mitigate a lot of their SaaS security risks compared with the early days, this latest insider threat report shows 95% of stakeholders at companies that use a CASB still feel vulnerable to insider threats. The reasons cited for why include the escalating freedom of SaaS users that enable unchecked decentralization of SaaS, blind spots in SaaS security created by new interactions between apps, and the growing complexity of managing configurations and file permissions.  

Plus, whereas in the past cloud and SaaS security was usually a compliance or regulatory concern, BetterCloud's insider threat report shows that 57% of organizations say insider cloud risks are highest around data fundamental to the existential viability of the business. This includes confidential business information and intellectual property. 

According to other recent reports, the pressure is only going to increase. Last month a joint report from Oracle and KPMG found almost half of IT and cybersecurity professionals expect to store the majority of their data in the cloud by 2020. In addition, 92% of organizations said they are concerned about employees following cloud policies to protect that data, and 82% are still so unclear about the shared responsibility model of security that they've experienced a security event as a result. 

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.