Details gradually emerged to shed light on the 2012 Dropbox hack, which was subsequently shown to have exposed some 68 million passwords as well as the email addresses already known to have been stolen. A previously unreported Yahoo hack resulted in an alleged 200 million sets of separate credentials being made available on the dark web. With every new massive cache of user credentials that is exposed, the risks to organisations grow exponentially.
With exploit kits on sale via the web, the level of knowledge required to launch a cyber-attack has been lowered. At the same time there are now all sorts of cyber-criminals with varying motivations on the hunt for data: lone wolves, hobbyists, hacktivist groups and state-sponsored hackers are all actively looking for a way in. The result is that sites and apps are under almost constant attack, and when attacks are successful this often results in the public disclosure of a raft of user information. Unfortunately, human nature dictates that these credentials are likely to have been used more than once to sign up for numerous cloud apps for personal and business use. Hackers know that when the same credentials are used over and over again, the value of these credentials increases and a breach of this data can provide access to many different cloud apps and services. This poses a very significant risk to the enterprise.
And this challenging landscape is made even more rocky by how firmly entrenched cloud apps are within modern organisations. On average, an astounding 1,053 cloud apps are found within a typical enterprise, according to Netskope's June 2017 Cloud Report. Of greater concern is the fact that 93.6 percent of those apps are not enterprise ready because they lack core auditing functions and security certifications. As more and more users become dependent on cloud apps to do their jobs, this problem is only going to grow in scale and severity.
As cloud and mobile use continues to soar, and growing numbers of data breaches lead to a higher volume of compromised credentials sloshing around the darker corners of the web, organisations are vulnerable. Most IT pros know that high volumes of sensitive corporate data are now either stored in or shared via the cloud. Combined with a growing number of targeted, cloud-borne threats, protecting data is becoming increasingly difficult. The delicate balance between empowering staff to access and use cloud apps while implementing sufficient protection against data loss is becoming that much harder to achieve.
As a result, organisations are turning to cloud access security brokers (CASBs) to combat these growing threats. CASB solutions enable the IT department to set policy based on an individual user's web reputation, which is based on the prevalence across the web of that user's most commonly deployed credentials. New employees submit their login credentials so that IT can run a reputation score. Policy is then implemented to reduce the threat posed by any sets of unsafe credentials. Draconian? A little, perhaps, but a necessary precaution when you consider what is at stake. This measure is not much different to checking the security stance of devices trying to connect to a network.
Worryingly for businesses, users can feel more confident using their corporate details to register for services online. We often feel less personally responsible for a corporate log-in, and sometimes use it less carefully as a result. This automatically passes any resulting issues straight on to the employer (“If this goes wrong then at least it's the IT department's problem, not mine”).
Anyone using an employee's compromised credentials will appear to be an insider, unless extra intelligence can be used. Surgical visibility and control, and robust data analytics enable businesses to distinguish between employees and potential cyber-criminals. Unusual behaviour and strange usage patterns will tell security teams that something might be up, but only if they know what “normal” looks like. They will also need to have tools in place to unlock visibility and control of employee behaviour, such as a CASB solution.
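The point about knowing what “normal” looks like can be made concrete with a small per-user baseline. This is an added example, not code from the article or from any CASB product; the event fields, the scoring and the threshold are assumptions, and the log events are constructed.

```python
from collections import defaultdict

# Constructed events: (user, country, app, hour). Every one is a successful
# login with valid credentials, so the auth result alone separates nothing.
HISTORY = [
    ("alice", "GB", "Box", 9), ("alice", "GB", "Box", 10),
    ("alice", "GB", "OneDrive", 14), ("alice", "GB", "Box", 16),
    ("bob", "FR", "Egnyte", 8), ("bob", "FR", "Egnyte", 11),
]
NEW_EVENTS = [
    ("alice", "GB", "Box", 11),     # matches the baseline
    ("alice", "RO", "Dropbox", 3),  # new country, new app, odd hour
    ("bob", "FR", "Egnyte", 23),    # familiar country and app, odd hour
    ("carol", "GB", "Box", 10),     # no baseline exists for this user
]

def build_baseline(history, hour_slack=2):
    """Per user: countries seen, apps seen, and an hour window with slack."""
    base = defaultdict(lambda: {"countries": set(), "apps": set(), "hours": []})
    for user, country, app, hour in history:
        base[user]["countries"].add(country)
        base[user]["apps"].add(app)
        base[user]["hours"].append(hour)
    for b in base.values():
        # Simplification: the window does not wrap around midnight.
        b["window"] = (min(b["hours"]) - hour_slack, max(b["hours"]) + hour_slack)
    return dict(base)

def score_event(baseline, event):
    """Return (score, reasons); each deviation from the baseline adds a point."""
    user, country, app, hour = event
    b = baseline.get(user)
    if b is None:
        return 3, ["no baseline for user"]
    reasons = []
    if country not in b["countries"]:
        reasons.append(f"new country {country}")
    if app not in b["apps"]:
        reasons.append(f"new app {app}")
    lo, hi = b["window"]
    if not lo <= hour <= hi:
        reasons.append(f"hour {hour} outside {lo}-{hi}")
    return len(reasons), reasons

def triage(baseline, events, threshold=2):
    """Events scoring at or above the threshold are queued for an analyst."""
    scored = [(e, score_event(baseline, e)) for e in events]
    return [(e, reasons) for e, (score, reasons) in scored if score >= threshold]
```

A single odd-hour login stays below the threshold, while a login that deviates on several dimensions at once, or one from a user with no history, is surfaced.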
Organisations should use policy and training to coach staff so that they can use secure cloud apps without impacting productivity or security. One powerful example would be a policy which would effectively triage uploaded data into the most suitable cloud storage app – Box, Dropbox, Egnyte, OneDrive, etc – based on the required security level dictated by the nature of the data. In this case, the decision of which app or service to use is taken out of the employee's hands. When policy is applied in this way, even if a consumer-grade cloud app were to be breached, the organisation can be sure that no critical data will be compromised.
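A sketch of the triage policy described above, as an added example rather than the article's or any vendor's implementation. The tier assigned to each app is a constructed assumption and not an assessment of the real products; the classification rules and sample strings are likewise constructed.

```python
import re

# Assumed policy, constructed for illustration: assurance tier per app.
# These tiers are NOT an assessment of the real products named in the text.
APP_TIER = {"Dropbox": 1, "OneDrive": 2, "Box": 2, "Egnyte": 3}
LEVEL = {"public": 1, "internal": 2, "restricted": 3}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
MARKING_RE = re.compile(r"\b(confidential|internal use only)\b", re.I)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Required security level, decided by the nature of the data."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "restricted"
    if MARKING_RE.search(text):
        return "internal"
    return "public"

def route_upload(text, requested_app):
    """Return (level, destination_app, redirected)."""
    level = classify(text)
    need = LEVEL[level]
    # Apps missing from the policy (unsanctioned) count as tier 0.
    if APP_TIER.get(requested_app, 0) >= need:
        return level, requested_app, False
    # The user's choice is overridden: pick the lowest tier that qualifies.
    candidates = [a for a, t in APP_TIER.items() if t >= need]
    dest = min(candidates, key=lambda a: (APP_TIER[a], a))
    return level, dest, True
```

The Luhn check keeps an ordinary 16-digit reference number from being treated as card data, so only content that actually needs the higher tier is redirected.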
Mitigating security risks from a company's entire cloud app ecosystem is not an easy task. Organisations can, however, take certain steps to better prepare their systems for such threats. Ultimately, visibility is key: the IT department needs better and more granular visibility into both sanctioned and unsanctioned cloud apps in a corporate environment. Gaining a complete understanding of how these apps are being used and how best to secure the data within them will permit staff to continue to work effectively in the cloud, and ensure that company data is not exposed to unnecessary risks.
Organisations can't control all of their users' credentials across the web, but they can take practical measures – to seek and block out hackers – to ensure that sets of credentials compromised in a breach don't come back to haunt them in the future.
Contributed by Andre Stewart, VP EMEA at Netskope
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.