
TECHNOLOGY

Data sprawl creates risk as personal app use in business continues to rise



Cloud app use within organisations has continued to rise, already increasing 35% since the beginning of 2022, with an average company of 500-2,000 users uploading, creating, sharing or storing data in 138 different apps, and using an average of 1,558 distinct cloud apps each month.

This is according to Netskope, a specialist in Security Service Edge (SSE) and Zero Trust, which has released new research detailing the proliferation of cloud apps used within businesses worldwide.

The ‘Netskope Cloud and Threat Report: Cloud Data Sprawl’ found that more than one in five (22%) users upload, create, share or store data in personal apps and personal instances, with Gmail, WhatsApp, Google Drive, Facebook, WeTransfer, and LinkedIn ranking as the most popular personal apps and instances.

A personal app, such as WhatsApp, is an app that only sees personal usage from personal accounts. A personal instance is a personal account of an app that is also managed by the organisation. For example, someone’s personal Gmail account in an organisation that uses Google Workspace is a personal instance.

Additionally, highlighting a continued trend in insider risk, the report revealed that one in five users (20%) upload an unusually high amount of data to such personal locations during the 30 days before they leave an organisation, marking an increase of 33% over the same time period last year.

Ray Canzanese, threat research director, Netskope Threat Labs, said: “Cloud apps have helped to increase productivity and enable hybrid work, but they have also caused an ever-increasing amount of data sprawl that puts sensitive data at risk.

“Personal apps and instances are particularly concerning, since users maintain access to data stored in those instances even well after they leave an organisation. Proactive security measures – especially policy controls that limit access to sensitive data to only authorised users and devices and prevent sensitive data from being uploaded to personal apps and personal instances – can help reduce the risks of loss or exposure of sensitive data.”

Additional key findings from the report include:

  • Personal app usage is lowest in Financial Services, highest in Retail: The Financial Services sector has the most success in limiting the flow of data into personal apps and instances, with less than one in 10 users (9.6%) doing so, whereas nearly four in 10 (39.1%) of users in the Retail sector upload data to personal apps and instances.
  • More users than ever are uploading, creating, sharing, or storing data in cloud apps: The percentage of users with data activity in cloud apps increased from 65% to 79% in the first five months of 2022, with Cloud Storage, Collaboration, and Webmail apps ranking as the top cloud app categories used within organisations.
  • Organisations use many apps with overlapping functionality: Of the 138 apps for which an organisation with 500–2,000 users uploads, creates, shares, or stores data, there are on average four Webmail apps, seven Cloud Storage Apps, and 17 Collaboration apps. This overlap can lead to security issues, such as misconfigurations, policy drift, and inconsistent access policies.

“Organisations are usually surprised when they discover just how many overlapping apps they are using. Gaining this visibility is an important step to helping rein in cloud sprawl and reduce the risks it poses to sensitive data. Once you know how data is being accessed, you can begin enforcing policies that reduce data risks without compromising productivity. Data security and productivity don’t have to be a tradeoff,” concluded Canzanese.

The Netskope Cloud and Threat Spotlight is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyse the latest cloud threats affecting enterprises. Findings are based on anonymised usage data from January 1 through May 31, 2022, relating to a subset of Netskope customers with prior authorisation.


TECHNOLOGY

On email security in the era of hybrid working



With remote working the future for so many global workforces – or at least some kind of hybrid arrangement – is there an impact on email security we are all missing? Oliver Paterson, director of product management at VIPRE Security, believes so.

“The timeframe that people expect now for you to reply to things is shortened massively,” says Paterson. “This puts additional stress and pressure on individuals, which can then also lead to further mistakes. [Employees] are not as aware if they get an email with a link coming in – and they’re actually more susceptible to clicking on it.”

The cybercriminal’s greatest friend is human error, and distraction makes for a perfect bedfellow. The remote working calendar means that meetings are now held in virtual rooms, instead of face-to-face. A great opportunity for a quick catch up on a few emails during a spot of downtime, perhaps? It’s also a great opportunity for an attacker to make you fall for a phishing attack.

“It’s really about putting in the forefront there that email is the major first factor when we talk about data breaches, and anything around cyberattacks and ransomware being deployed on people’s machines,” Paterson says of education. “We just need to be very aware that even though we think these things are changing, [you] need to add a lot more security, methods and the tactics that people are using to get into your business is still very similar.

“The attacks may be more sophisticated, but the actual attack vector is the same as it was 10-15 years ago.”

This is borne out in the statistics. The Anti-Phishing Working Group (APWG) found in its Phishing Activity Trends Report in February that attacks hit an all-time high in 2021. Attacks had tripled since early 2020 – in other words, since the pandemic began.

VIPRE has many solutions to this age-old problem, and the email security product side of the business comes primarily under Paterson’s remit. One such product is VIPRE SafeSend, which focuses on misaddressed emails and prevents data leakage. “Everyone’s sent an email to the wrong person at some point in their life,” says Paterson. “It just depends how serious that’s been.”

Paterson notes one large FMCG brand, where a very senior C-level executive had the same name as someone else in the business much lower down. Naturally, plenty of emails went to the wrong place. “You try and get people to be uber-careful, but we’ve got technology solutions to help with those elements as well now,” says Paterson. “It’s making sure that businesses are aware of that, then also having it in one place.”

Another part of the product portfolio is EDR (endpoint detection and response). The goal for VIPRE is to ‘take the complexities out of EDR management for small to medium-sized businesses and IT teams.’ Part of this is understanding what organisations really want.

The basic knowledge is there, as many organisational surveys will show. Take a study on ransomware preparedness from the Enterprise Security Group (ESG), released in October. Respondents cited network security (43%), backup infrastructure security (40%), endpoint (39%), email (36%) and data encryption (36%) as key prevention areas. Many security vendors offer this and much more – but how difficult is it to filter out the noise?

“People understand they need an endpoint solution, and an email security solution. There’s a lot of competitors out there and they’re all shouting about different things,” says Paterson. “So it’s really getting down to the nitty gritty of what they actually need as a business. That’s where we at VIPRE try to make it as easy as possible for clients. 

“A lot of companies do EDR at the moment, but what we’ve tried to do is get it down to the raw elements that every business will need, and maybe not all the bells and whistles that probably 99% of organisations aren’t going to need,” Paterson adds.

“We’re very much a company that puts a lot of emphasis on our clients and partners, where we treat everyone as an individual business. We get a lot of comments [from customers] that some of the biggest vendors in there just treat them as a number.”

Paterson is speaking at the Cyber Security & Cloud Expo Global, in London on December 1-2, on the rising threat of ransomware and how the security industry evolves alongside this threat. Having a multi-layered approach will be a cornerstone of Paterson’s message, and his advice to businesses is sound.

“Take a closer look at those areas, those threat vectors, the way that they are coming into the business, and make sure that you are putting those industry-level systems in place,” he says. “A lot of businesses can get complacent and just continue renewing the same thing over and over again, without realising there are new features and additions. Misdelivery of email is a massive one – I would say the majority of businesses don’t have anything in place for it.

“Ask ‘where are the risk areas for your business?’ and understand those more, and then make sure to put those protection layers in place to help with things like ransomware attacks and other elements.”

(Photo by Cytonn Photography on Unsplash)
