Skip to content

State of insider threats in the digital workplace 2019


March 20, 2019

6 minute read

insiderthreatreportblog og

We’re excited to announce the release of our State of Insider Threats in the Digital Workplace 2019 report.

Featuring survey data from 500 IT and security professionals, proprietary product data from 2,000+ BetterCloud customers, and commentary based on BetterCloud’s 7+ years of industry experience, this is the most comprehensive insider threats report to date.

This report sheds new light on where IT and security professionals feel the most vulnerable, what they feel most vulnerable to, and how they’re mitigating insider threats.

Insiders—people already in your organization—pose a pervasive security risk. And with the rise of SaaS applications, it’s easier than ever to expose confidential data, whether it’s intentional or not. As a result, a new type of insider threat is taking shape.

Here’s an excerpt from our report.

6 key findings

BetterCloud insider threats

1. Just about everyone feels vulnerable to insider threats; 91% of respondents feel vulnerable.

2. Ninety-five percent of people using a CASB still feel vulnerable to insider threats.

3. Well-meaning but negligent end users pose the biggest security threat, according to 62% of respondents.

4. The biggest security challenge lies in cloud storage/file sharing and email technologies, according to 75% of respondents.

5. Forty-six percent of IT leaders believe that the rise of SaaS apps makes them the most vulnerable to insider threats.

6. Seventy-four percent of C-level executives don’t think they’ve invested enough to mitigate the risk of insider threats.

A new breed of insider threats

Data exfiltration is occurring in ways beyond phishing, malware, poor password hygiene, unlocked devices, or data transfers to USB drives.

Today, data exfiltration is also happening through SaaS applications. SaaS is the new threat vector, and it’s creating a new generation of insider threats for three reasons:

1. End users have a lot of freedom and power when using SaaS apps (and as a result, IT and security teams are losing control)

With SaaS apps, users can share files freely with just about anyone inside or outside the org: colleagues, partners, customers, contractors, even competitors. They can share documents, calendars, spreadsheets, and presentations publicly on the web, meaning anyone on the Internet can find and access them, since these files are scraped and indexed by search engines.

2. SaaS creates dangerous blind spots—hidden security threats that many IT and security professionals don’t even know exist

Because SaaS is so new, everyone’s sort of “figuring things out as they go.” In fact, 78% of IT professionals are just getting started managing SaaS apps or teaching themselves. You don’t know what you don’t know. On a recent webinar poll, we found that 86% of IT professionals think (or aren’t sure if) they have confidential/sensitive data exposed.

3. File sharing permissions and configurations are complex

In 2018, the Kenna Security research team discovered a widespread misconfiguration in Google Groups that exposed sensitive information at 3,000 organizations.

The reason for the misconfiguration?

“Due to complexity in terminology and organization-wide vs. group-specific permissions, it’s possible for list administrators to inadvertently expose email list contents,” Kenna Security wrote. “In practice, this affects a significant number of organizations.”

There are dozens of privacy and access settings for both end users and admins alike.

One mistake—one simple misconfiguration—can easily expose data. How can your average end user (or admin) be expected to understand and navigate all of these complex permissions securely?

The very beauty of SaaS—the ability to collaborate, the ease of sharing data—is also its ugliest and most dangerous security risk.

This new insider threat stems from the user and all their interactions with data.

A universal concern

Just about everyone feels vulnerable to insider threats. Ninety-one percent of our respondents said they felt vulnerable.

Who feels vulnerable?

What’s interesting here when we break it down by role is that 92% of C-level executives feel vulnerable to insider threats, vs. 83% of system/IT admins. Usually, we’d expect to see the higher percentage from admins.

Because they’re in the trenches every day, admins typically feel the pain of security vulnerabilities more keenly than execs. Often there is a disconnect between these two groups.

This data suggests that the disconnect may be lessening. Perhaps insider threats, which are growing year over year, are now more top of mind for executives.

Insider threats have a business-wide impact. As the C-suite assumes greater responsibility for cybersecurity and takes a more active role in shaping their companies’ security strategies, they may have a better understanding of this impact.

As companies adopt more SaaS applications and progress along their cloud journey, they feel increasingly vulnerable to insider threats. When the usage of SaaS becomes widespread and companies store more of their business-critical data in the cloud, more sensitive data is potentially at risk.

What type of insider poses the biggest security risk?

Which type of actor poses the biggest threat?

The most dangerous type of actor is the negligent end user, according to 62% of respondents.

Only 21% of our respondents thought malicious actors (intentionally causing harm, either for personal or financial gain) posed the biggest threat. Even fewer (17%) thought compromised users (exploited by outsiders through compromised credentials) posed the biggest threat.

Negligent users are your ordinary employees. They mean well, but they can be careless and unintentionally expose sensitive information. They are particularly dangerous because they have access to critical assets, but lack the training or knowledge to keep sensitive information safe as they do their jobs.

And for companies that are powered by SaaS apps, the negligent end user has even more freedom to unintentionally expose sensitive information. This statistic illustrates the extent of human error and the importance of end user training.

What type of technology poses the biggest security risk?

Forty-one percent of respondents believe that too many endpoints (e.g., user devices, computers, networks, etc.) make them the most vulnerable to insider threats.

The next two factors were too many users with admin privileges across applications and devices, and the rise of SaaS applications, at 26% and 25% respectively.

The confluence of these factors has created an environment ripe for security threats. IT and security teams must now grapple with securing devices (e.g., mobile device management, policy management, device access and tracking). The rise of SaaS means that they must also control and secure users’ connections (i.e., authentications) to all of their SaaS apps.

On top of that, they must also control and secure users’ interactions across their SaaS apps (e.g., entitlements/admin privileges, file sharing, groups, calendars, email forwarding, file downloads, etc.). These factors create a complex IT environment that presents numerous security challenges.

When looking at IT leaders only (heads of IT and above), almost half (46%) say that the rise of SaaS applications makes them the most vulnerable to insider threats.

Which technology within your SaaS environment poses the biggest security challenge?

Seventy-five percent of respondents believe that cloud storage/file sharing and email pose the biggest security challenge.

Nearly half (41%) of respondents believe that cloud storage/file sharing (Google Drive, Dropbox, Box, OneDrive, etc.) pose the biggest security challenge.

This is not surprising, given that organizations likely store their most sensitive and valuable data here. These apps also provide the most freedom and flexibility for collaboration. File sharing and openness make these apps beneficial, and by the same token, they also create security risks.

Email (Gmail, Office 365, etc.) was next, with 34% of respondents saying that this technology was the biggest security challenge.

Other SaaS collaboration tools were far behind. CRM (Salesforce, NetSuite, etc.), chat programs (Slack, Hipchat, etc.), and video (Hangouts, Zoom, Skype, etc.) represented the biggest security challenge for only 6%, 3%, and 2% of our respondents, respectively.

Of course, your response to this question will depend on where your most sensitive data is stored
and what type of business you are. Nonetheless, the reality is that your business data is stored in some type of SaaS app today.


To learn more about how BetterCloud can secure user interactions in your digital workplace, request a demo.