CloudLock, a cybersecurity provider for cloud infrastructures, has published a report which shows that over 75% of all security incidents are caused by 1% of a company's employees.
Basing its findings on anonymous data received from 1,800 organizations, 10 million users, 1 billion files, and over 91,000 cloud applications installed over 2.8 million times, the report highlights how a small percentage of careless employees lead to serious data breaches and put the company's security at risk.
Besides the one-percenters that generate three quarters of security incidents, the CloudLock report also shows that 4% of users account for 15% of security risks, while the other 95% of users, only produce 10% of incidents.
Breaking down the data associated with the one-percenters, they are responsive for owning 57% of all cloud files, they account for 81% of all file sharing operations, they install 62% of all cloud apps, and also are responsible for 73% of excessively exposed files.
Additionally, the report also highlights that most industries are affected by this issue, and there's no special sector where the one-percenters tend to expose data more than the other.
A few cloud applications account for 65% of all installs
App installation in the cloud is another serious hot topic when it comes to security, the report showing that from the 540 unique third-party apps CloudLock analyzed, over 62% of them were installed by 1% of the company's users.
What was more worrying was that from the 91,000 instances of third-party apps running in the cloud, 52,000 of them were installed by privileged users.
Taking into account that the top 25 most installed apps comprise 65% of all app installations, an attacker could easily target a weaknesses in one of them, having a very high chance of infiltrating a large number of companies at the same time.
Since cloud-based services are becoming a more prevalent infrastructure in enterprises around the globe, it is crucial that employees are trained properly before being granted access to services that deal with sensitive information.