When you think of cybersecurity threats, you may conjure up images of nefarious hackers, armed with the latest infiltration technology, dark eyes aglow as they sit hunched over laptop screens thinking of the riches to be gained by penetrating your company’s database of sensitive information.
What you probably don’t imagine is one of your own employees inadvertently opening the door for the bad guys, or them walking out the door with valuable data.
But that’s often the reality of data breaches. Threats aren’t always external. They’re often internal and not driven by malicious intent. Consequently, your organization needs to anticipate the risk and take measures to counteract it.
Why your own team may pose a cyber risk
As we have discussed in previous blog posts, the level of risk companies shoulder related to sensitive data residing in SaaS applications is often unknown or underestimated by security and IT teams responsible for corporate security. With so much reliance on applications such as Slack, Teams, Salesforce, Google Workspace and many more, and with so many collaborators interacting with company assets in the normal course of business today, organizations are exponentially expanding the possibilities for data exfiltration each time a new asset is created or shared within these applications.
Additionally, a greater percent of the people doing the work itself are less likely to be full-time employees working on-site as in the past. COVID-19 spurred more remote work, and that shift to a distributed approach is persisting even as companies are moving past the pandemic. Further, companies are growing increasingly reliant on service providers and independent contractors to handle special assignments or provide greater staffing flexibility.
What this means is that even if the percentage of activities that lead to data exposure remains low, the sheer volume of collaboration involving SaaS applications puts the typical enterprise at a dangerous level of risk.
The types of insider threats that exist by default
Through our work with numerous companies of differing sizes and operating in different verticals, we have identified the major threat models that could lead to data leakage or breaches. These threats are often accidental and can include sharing sensitive data through the following familiar scenarios:
On the face of it, all of these actions are innocent enough. But they still can result in major damage to your organization.
But the insider threat can also be intentional
Realistically, not all employees – and certainly not all independent contractors – are completely loyal to the company for which they’re working. With rapid turnover in many industries and the appeal of changing jobs to advance their careers elsewhere (or just receiving some cash in exchange for company secrets), there’s always a temptation for your internal team members to grab protected data for their own profit.
Just as SaaS applications make collaboration easier, they can make data exfiltration easier than in the days of housing data in on-premise servers. An unhappy employee or contractor who’s leaving your company might be inclined to download scads of valuable data from your Salesforce application, for example, on their way out the door.
Can you protect yourself from these intentional and unintentional threats?
Without a centralized, automated SaaS data access control system, being aware of these internal threats will be a challenge at best. Acting on them in a timely manner would be even more difficult.
That’s one of the reasons we developed DoControl – to give organizations a complete inventory of SaaS applications being used by the company and assets shared internally and externally, to monitor activities happening within those SaaS applications and to develop granular data access policies with automatic responses to limit data exposure. We’ve anticipated the problems posed by internal threats and developed templates and other tools to counteract them.
Knowing that all the threats to your private data don’t just come from evil-minded hackers sitting in darkened rooms but also involve ordinary employees naively or purposefully creating openings, maybe it’s time to talk with us. Use this contact form to get in touch. Also, download our Insider Threat White Paper for a more in depth look at the topic. We look forward to hearing from you.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
Just as is with the cloud, securing SaaS is a shared responsibility. Providers are responsible for ensuring the security of their platforms, but there is an onus on the organization consuming the service to protect themselves from data overexposure and exfiltration, as well as cyber breaches and attacks.
In this blog we are going to focus on three of the most widely adopted SaaS applications, based on revenue and growth, as well as just general popularity. We will highlight the pitfalls and security gaps (note: these apps are not inherently insecure!), and how DoControl can help deliver a single, unified strategy to SaaS application security and reduce the risk of both data exfiltration and cyberattacks.