When you think of cybersecurity threats, you may conjure up images of nefarious hackers, armed with the latest infiltration technology, dark eyes aglow as they sit hunched over laptop screens thinking of the riches to be gained by penetrating your company’s database of sensitive information.
What you probably don’t imagine is one of your own employees inadvertently opening the door for the bad guys, or them walking out the door with valuable data.
But that’s often the reality of data breaches. Threats aren’t always external. They’re often internal and not driven by malicious intent. Consequently, your organization needs to anticipate the risk and take measures to counteract it.
Why your own team may pose a cyber risk
As we have discussed in previous blog posts, the level of risk companies shoulder related to sensitive data residing in SaaS applications is often unknown or underestimated by security and IT teams responsible for corporate security. With so much reliance on applications such as Slack, Teams, Salesforce, Google Workspace and many more, and with so many collaborators interacting with company assets in the normal course of business today, organizations are exponentially expanding the possibilities for data exfiltration each time a new asset is created or shared within these applications.
Additionally, a greater percent of the people doing the work itself are less likely to be full-time employees working on-site as in the past. COVID-19 spurred more remote work, and that shift to a distributed approach is persisting even as companies are moving past the pandemic. Further, companies are growing increasingly reliant on service providers and independent contractors to handle special assignments or provide greater staffing flexibility.
What this means is that even if the percentage of activities that lead to data exposure remains low, the sheer volume of collaboration involving SaaS applications puts the typical enterprise at a dangerous level of risk.
The types of insider threats that exist by default
Through our work with numerous companies of differing sizes and operating in different verticals, we have identified the major threat models that could lead to data leakage or breaches. These threats are often accidental and can include sharing sensitive data through the following familiar scenarios:
On the face of it, all of these actions are innocent enough. But they still can result in major damage to your organization.
But the insider threat can also be intentional
Realistically, not all employees – and certainly not all independent contractors – are completely loyal to the company for which they’re working. With rapid turnover in many industries and the appeal of changing jobs to advance their careers elsewhere (or just receiving some cash in exchange for company secrets), there’s always a temptation for your internal team members to grab protected data for their own profit.
Just as SaaS applications make collaboration easier, they can make data exfiltration easier than in the days of housing data in on-premise servers. An unhappy employee or contractor who’s leaving your company might be inclined to download scads of valuable data from your Salesforce application, for example, on their way out the door.
Can you protect yourself from these intentional and unintentional threats?
Without a centralized, automated SaaS data access control system, being aware of these internal threats will be a challenge at best. Acting on them in a timely manner would be even more difficult.
That’s one of the reasons we developed DoControl – to give organizations a complete inventory of SaaS applications being used by the company and assets shared internally and externally, to monitor activities happening within those SaaS applications and to develop granular data access policies with automatic responses to limit data exposure. We’ve anticipated the problems posed by internal threats and developed templates and other tools to counteract them.
Knowing that all the threats to your private data don’t just come from evil-minded hackers sitting in darkened rooms but also involve ordinary employees naively or purposefully creating openings, maybe it’s time to talk with us. Use this contact form to get in touch. Also, download our Insider Threat White Paper for a more in depth look at the topic. We look forward to hearing from you.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
We are excited to announce our expansion of DoControl’s integrated technology partnership program to include Datadog. As a leading platform provider for monitoring and security for cloud applications, the integration with Datadog allows security operations teams to have a more holistic view of risk across the mission-critical Software as a Service (SaaS) applications being leveraged to enable business enablement and productivity.
The last time the RSA Conference was a live, in-person event was right before the world as we knew it came to a screeching halt. Every technology vendor did their best to rollout “virtual” events which were in no way comparable to the real thing. Everyone – including all of us here at DoControl – was missing the “human connection.” As a vendor that was “born out of the pandemic,” we were very excited to (for the first time!) meet face-to-face with prospects, customers, peers, partners and more to talk about all things Software as a Service (SaaS) data security.
When it comes to addressing insider risk, security starts within. Protecting sensitive company data from exfiltration and misuse requires a combination of the right people, process, and technology. Managing insider risk and preventing threats to the business is not achieved with any of these pillars individually. Modern businesses require technology that prevents and detects unauthorized access to critical assets; processes to support automated data access remediation; and people that are educated about – and watchful of – potentially risky activity who can course-correct during potentially risky activity. Modern organizations need all three pillars interconnected in order to protect their most critical assets.