In the early days of cloud services, enterprise SaaS services were not a significant target for hackers simply because they did not contain ample sensitive data compared to on-premises servers.

Fast forward to today.

The average company uploads several thousands of files every month to cloud services that are classified as sensitive, making up almost 16% of documents stored in file sharing services. Sensitive data comes in many shapes and sizes, from customer PII to confidential business information. Our latest research even discovered employees use file-sharing services as a repository for documents containing code. Where valuable data goes, hacking attempts will follow: this trend has caught the attention of criminal hackers. Attacks against cloud services have seen a 45% increase.

Considering the valuable data stored in cloud deployments, data exfiltration is no longer isolated to PCs and applications on the network. The average organization experiences 19.6 cloud-related security incidents each month. These events include insider threats (both accidental and malicious), privileged user threats, compromised accounts, and attacks that leverage the cloud as a vector for
 data exfiltration.

Cloud has risen as a major vector for insider threats. The average organization experiences 9.3 cloud-based insider threat incidents each month. Given the predominance of confidential business data in the file-sharing applications, it’s possible the next major insider theft of source code or other intellectual property could include data stolen from a cloud service. Almost 90% of organizations experience at least one incident per month on average. Privileged user threats, such as an application administrator deleting a large amount of data, occur monthly at almost 56% of organizations, with the average company experiencing 2.8 incidents each month. These threats are especially dangerous considering it may be difficult to separate malicious from normal administrator activity given the high-volume of events.

Triangle image from pg 12[15]

On average, more than half of organizations experience account compromises on a monthly basis. However, organizations average more than 5 incidents each month in which an unauthorized third-party exploits stolen account credentials to access corporate date in the cloud. Stolen cloud service credentials are sold on the Darknet for as low as $1 (price depends on what type of credential) and recent research from Skyhigh shows that 92% of companies have cloud credentials for sale on the Darknet.

Attackers constantly invent new ways to exfiltrate stolen data from on-premises systems. Hackers often turn to public cloud services to exfiltrate their data because they are often unmonitored. The average organization loses 984 MB of data each month, from an average of 2.4 cloud-enabled data exfiltration incidents. One example Skyhigh discovered relied on malware that infected an employee’s laptop and used Twitter to exfiltrate the stolen data, 140 characters at a time, across 86,000 tweets.

data exfiltration img from pg 12[17]

From the numbers, it’s clear the cloud has arrived as a core enabler of all business functions. It’s no surprise that this signals the arrival of the cloud as a major target for threats as well. The key benefits of cloud, specifically access across locations and devices, also exacerbate the challenges of securing data in cloud services. Fortunately, cloud services support monitoring capabilities aimed at preventing threats coming from customer accounts. Enterprises will need to leverage new advancements in machine learning to sift through increasingly large haystacks of cloud activity data and automate threat detection using a combination of user behavioral analytics and geo-location analytics to find the needles.