Cyber ​​Security: New Report about Threats

New information security report

It was published in the month of August 22, by an important IT security solutions company, a new research that analyzes in detail the proliferation of cloud applications used in companies around the world. The report notes that the use of cloud applications within organizations continues to grow: since the beginning of 2022 it has already increased by 35%. The average business has between 500 and 2,000 users upload, create, share or store data in 138 different applications and use an average of 1,558 separate cloud applications each month.

The report found that more than 1 in 5 users (22%) upload, create, share or store data in personal applications and instances: Gmail , WhatsApp, Google Drive, Facebook, WeTransfer and LinkedIn are classified as the most used applications and personal instances.

A personal application, such as WhatsApp, is an app that is intended for use only from a personal account. Unlike a personal instance which is instead a personal account of an application also managed by the organization: for example, in an organization using Google Workspaces, a user’s personal Gmail account is a personal instance.< /span>

Furthermore, the report highlights a continuing trend towards risk coming from within the company (insider risk): the report revealed that 1 out of 5 (20%) upload an unusually large amount of data to the personal applications highlighted above in the 30 days leading up to an organization exit, which marks a 33% increase for the same period over last year.

“Cloud applications have helped increase productivity and enable hybrid working, but they have also caused a growing proliferation of data that puts sensitive information”, said the Company’s Threat Research Director who published the report. “Personal applications and instances are of particular concern, since users retain access to the data stored in those instances long after they leave the ‘organization. Proactive security measures, especially policy controls that limit access to sensitive data to only authorized users and devices and prevent sensitive data from being uploaded to personal applications and instances, can help reduce the risk of loss or exposure of sensitive data”.

Here are some of the most significant results of the new report:

• Personal application usage is lowest in financial services and highest in retail: While nearly 4 in 10 users (39.1%) in the retail sector upload data to personal applications and instances, the financial services sector is better at limiting the flow of data into personal applications and instances, with less than 1 in 10 users (9.6%).

• More and more users are uploading, creating, sharing or storing data in cloud applications: The percentage of users with data activity in cloud applications increased from 65% to 79% in the first five months of 2022. The most used categories of cloud applications within organizations are those of Cloud Storage, Collaboration and Webmail.

• Organizations use many applications with overlapping functionality: of the 138 applications used by an organization with 500–2,000 users to upload, create, share or archive data, there are on average 4 webmail applications, 7 cloud storage applications and 17 collaboration applications. This overlap can lead to security issues, such as misconfigurations, loss of policy effectiveness, and inconsistent access.

“Organizations are usually surprised when they discover how many overlay applications they are using. Gaining this visibility is an important step to help curb cloud sprawl and reduce the risk it poses to sensitive data. Once you understand how your data is being accessed, you can enforce policies that reduce data risk without compromising productivity. Data security and productivity must not be a compromise”, finally reads the report.

The above report is released by a team composed of the most important researchers in the sector on cloud and malware threats, which discovers and analyzes the latest cloud threats affecting businesses. The results are based on de-identified usage data collected between January 1 and May 31, 2022 for a subset of customers who opted-in via preventative.