By Ericka Chickowski 1

A survey of more than 500 cybersecurity professionals shows that cloud environments can play a significant role in increasing the risks of insider threats. Conducted by the Information Security Community on LinkedIn with the help of a dozen different security vendors, the survey found that 62 percent of security professionals report that insider threats have become more prevalent in the past year.

Among those threats, the breakdown was nearly half-and-half from inadvertent breaches at the hands of careless users and malicious data breaches from more sinister insider activities. Among those IT assets most at risk, 57 percent considered databases the most vulnerable to insider attacks but cloud ranked right up there, with 31 percent of respondents reporting them to be most vulnerable to attacks.

Cloud storage and file sharing apps were neck-and-neck with collaboration and communication apps when it came to ranking those apps most vulnerable to insider attacks. Meanwhile, while endpoints were ranked by 56 percent of respondents as one of the most common launch points for insider attacks, 22 percent of respondents said cloud applications were a common place for these attacks to start.

These increased insider threats, particularly around cloud assets, actually offers a number of avenues of opportunity for partners willing to build out their service portfolio, says Rohit Gupta, CEO of Palerra, which was one of the survey sponsors. For example, partners would do well to use cloud security tools to help organizations analyze user activity across SaaS, PaaS and IaaS infrastructure, he says.

“This will give them a holistic view which helps in detecting cross-cloud threats,” he says. “For example, if a user uses Box to download a confidential file and then emails that file to a competitor using Office 365, that could indicate a risk.”

Additionally, partners can help organizations address compliance concerns through services and products that monitoring and alerting around configurations within cloud services.

“For example, an organization’s policy might require users to access Box using SSL only,” Gupta says. “But if a privileged user or administrator intentionally or accidentally turns off the SSL setting, that would violate the policy and a notification must be issued immediately to fix the configuration drift.”

There’s also an opportunity for partners to build out incident detection and response capabilities around anomalous user activity within cloud services.

“If a user is seen to log in from New York into Salesforce at 10am and then we see the same user log in to Box at 10:01 a.m. from Tokyo, that would suggest that there might an account hijacking issue,” he says. “In this case, the user account should be suspended immediately to close the window of opportunity for a breach.”

In spite of the increased risk of insider attacks through and against cloud assets, most IT departments haven’t caught up with appropriate defensive strategies. For example, while 75 percent of organizations deploy user monitoring for on-premises applications, only 25 percent monitor user behavior in the cloud. Overall, fewer than half of organizations report that they have appropriate controls to prevent insider threats from wreaking damage.