91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications like popular file storage and email solutions such as Google Drive, Gmail, Dropbox and more.
“The rise of SaaS in the digital workplace has made companies more vulnerable than ever to insider threats,” said David Politis, founder and CEO, BetterCloud.
“A major reason is SaaS has given users all the control over data within the application and, as a result, IT and security teams have lost control. Another major challenge is the complexity of SaaS application architecture, which makes functions like sharing permissions and configurations difficult to manage. Because SaaS is new territory, companies are unprepared to deal with the security blind spots these challenges create.”
BetterCloud surveyed nearly 500 IT and network security professionals from the world’s leading enterprise organizations and released its first insider threats report: “State of Insider Threats in the Digital Workplace 2019.”
The company also looked at its own proprietary product data to shed light on where IT and security professionals are most vulnerable. Among the key findings:
- Nearly all of the IT and security professionals surveyed (91 percent) feel vulnerable to insider threats.
- 62 percent of respondents believe the biggest security threat comes from the well-meaning but negligent end user.
- 75 percent believe the biggest risks lie in cloud storage and email solutions (e.g., Google Drive, Dropbox, Box, OneDrive, etc.) and email (e.g., Gmail, Office 365).
- 46 percent of IT leaders (heads of IT and above) believe that the rise of SaaS applications make them the most vulnerable.
- 40 percent of respondents believe they are most vulnerable to exposure of confidential business information (financial information, customer lists).
- Only 26 percent of C-level executives say they’ve invested enough to mitigate the risk of insider threats, versus 44 percent of IT managers.
Politis adds, “Historically, companies have relied on perimeter-based security mechanisms like firewalls and intrusion detection systems to keep data inside company walls, but that paradigm simply doesn’t work in the cloud. Our findings make it clear that in order to combat these rising threats, organizations must expand their defenses by monitoring and managing the user and all of their interactions within the application.”