The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2016, CSA released the ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ article to provide readers with a real-world glimpse into what is currently occurring in the security industry. InstaSafe has released a refresh of the 2016 article that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.
“It’s our hope that these updates will not only provide readers with a more relevant context in which to evaluate the top threats but that the enhanced article will provide them with a real-world glimpse into what is currently occurring in the security industry.”
CERN defines an insider threat as follows: “A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.”
However, there is debate about the adverse effect of this threat, and many organizations do not treat it seriously. Insider threats include fraud, sabotage, and theft or loss of confidential information caused by trusted insiders. These threats go beyond negligence.
6.2 Business Impacts
A malicious insider, such as a system administrator, can access potentially sensitive information.
From IaaS to PaaS and SaaS, a malicious insider can have increased levels of access to more critical systems and eventually to data. Systems that depend solely on the cloud service provider (CSP) for security are at greater risk here.
Implementations that use encryption provided by the CSP are still vulnerable to a malicious insider attack, even though the service provider’s key management duties are separated from data storage administration in mature organizations. The key finding here concerns the CSP’s auditable processes and any observations of ad hoc or less-than-measured procedures. The controls available to limit risk from malicious insiders include controlling the encryption process and keys yourself; ensuring that the CSP has proper policies; segregating duties; minimizing access by role; and effective logging, monitoring and auditing of administrators’ activities.
It should be noted that the “Insider Threat” does not always involve malicious actors. Insiders might not necessarily be malicious but are “just trying to get their job done”. For example, they might accidentally upload a customer database to a public repository or copy sensitive data between jurisdictions or countries.
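Several of the controls listed above (segregating duties, minimizing access by role, auditing administrators’ activities) can be checked mechanically. The following is an added example, not part of the CSA paper or this article; the duty names, action names, principals and log lines are all constructed assumptions.

```python
# Assumed policy: these two duties must never be held by the same principal.
CONFLICTING_DUTIES = [("key-management", "storage-admin")]

# Constructed role assignments: principal -> set of duties.
ROLE_ASSIGNMENTS = {
    "alice": {"key-management"},
    "bob": {"storage-admin"},
    "carol": {"key-management", "storage-admin"},  # violates separation
}

# Actions each duty may perform (hypothetical action names).
ALLOWED_ACTIONS = {
    "key-management": {"key.create", "key.rotate"},
    "storage-admin": {"bucket.read", "bucket.configure"},
}

# Constructed audit log, one event per line: timestamp principal action resource
AUDIT_LOG = """\
2024-01-10T09:00:01Z alice key.rotate kms/customer-key
2024-01-10T09:05:12Z bob bucket.read store/customer-db
2024-01-10T09:07:45Z bob key.export kms/customer-key
2024-01-10T09:09:30Z mallory bucket.read store/customer-db
"""

def sod_violations(assignments, conflicts=CONFLICTING_DUTIES):
    """Return sorted principals holding both duties of any conflicting pair."""
    return sorted(p for p, duties in assignments.items()
                  if any(a in duties and b in duties for a, b in conflicts))

def out_of_role_events(log_text, assignments, allowed=ALLOWED_ACTIONS):
    """Return (principal, action, resource) for actions no assigned duty permits."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            # An unparseable audit line is itself worth a reviewer's attention.
            findings.append(("<unparsed>", "malformed-line", line))
            continue
        _, principal, action, resource = parts
        permitted = set()
        for duty in assignments.get(principal, ()):  # unknown principal: no duties
            permitted |= allowed.get(duty, set())
        if action not in permitted:
            findings.append((principal, action, resource))
    return findings

if __name__ == "__main__":
    print("Separation-of-duties violations:", sod_violations(ROLE_ASSIGNMENTS))
    for finding in out_of_role_events(AUDIT_LOG, ROLE_ASSIGNMENTS):
        print("Out-of-role action:", finding)
```

The same check also surfaces the non-malicious case: an administrator “just trying to get their job done” who performs an action outside their assigned duty appears in the findings alongside an unknown principal.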
6.3 Anecdotes and Examples
Alphabet, Google’s parent company, recently filed a lawsuit against its former engineer Anthony Levandowski, who is now working with Uber. The company accused Levandowski of copying more than 14,000 internal files and taking them directly to his new employer.
Zynga Inc. accused two former high-level workers and their new employer of stealing confidential data from the online social game maker in a lawsuit filed in California federal court.
At the sector level, the healthcare sector and IT suffered the most from malicious insider attacks in 2016, at a rate far higher than any other major industry, according to new research from IBM.