McAfee Report: Average Enterprise Experiences More Than 16 Insider Threats, Exploited Account Credentials and Data Exfiltration Incidents Each Month

Security Intelligence Tracks “Canary in the Coal Mine” to Reduce Risk of Data Loss

CAMPBELL, Calif. — October 27, 2015 – Skyhigh Networks, the Cloud Security and Enablement Company, today released the next edition of its quarterly Cloud Adoption and Risk Report. The Q4 2015 report, derived from analysis of actual cloud usage across over 23 million employees, uncovers how user behaviors put companies at risk and how catching and managing this behavior can be the proverbial “canary in the coal mine” in reducing the risk of data loss.

This report exposes the types of sensitive data stored in cloud services, how that data is shared within organizations and with third parties; and how risky employee behaviors put corporate data at risk. It also examines the external threats that use the cloud to exfiltrate sensitive data pilfered from on-premises systems as well as attacks directed at corporate data stored in cloud services. Finally, the report tracks general usage trends including the most widely used cloud services.

Report Highlights

Insider Threats.

Insider threats include behaviors that unintentionally expose an organization to risk, such as mistakenly sharing a spreadsheet with employee Social Security numbers externally. They also include malicious activity, such as exfiltrating proprietary data.

  • 89.6% of organizations experience at least one insider threat each month – that is up from 85% for the same quarter last year.
  • 55.6% of organizations experience unusual behavior by privileged users, such as administrators accessing data they should not, each month.
  • The average organization experiences 9.3 insider threats each month.

Compromised Accounts.

Slightly more than half of all organizations experience account compromises each month. Many business-critical cloud services support multi-factor authentication, and companies can reduce their exposure to account compromise by enabling this feature.

  • On average, organizations experience 5.1 incidents each month in which an unauthorized third party exploits stolen account credentials to gain access to corporate data stored in a cloud service.
  • Earlier research by Skyhigh showed that 92% of companies have cloud credentials for sale on the Darknet.

Data Exfiltration.

In order to extfiltrate stolen data from on-premises systems of record, hackers are increasingly turning to public cloud services.

  • The average organization experiences 2.4 cloud-enabled data exfiltration events each month.
  • The average incident involves 410.0 MB of data.

Risky Behavior and When Sharing is Erring.

The percentage of documents that are shared via file sharing services hit
an all-time high in Q3 of 2015. While enhanced collaboration between colleagues and business partners is a positive development, the ease with which data can be shared also carries the risk that a sensitive file may be unintentionally shared too broadly or outside the organization, violating company policies.

  • 28.1% of employees have uploaded a file containing sensitive data to the cloud.
  • The average organization shares documents with 849 external domains via these services.
  • Of all documents stored in file sharing services, 37.2% are shared with someone other than the document’s owner.
  • 71.6% of shared documents are shared internally with select users.
  • 12.9% of shared documents are shared with all employees within an organization.
  • 28.2% of shared documents are shared with business partners.
  • 5.4% of shared documents are accessible by anyone with a link.
  • 2.7% of shared documents are actually publicly accessible and indexed by Google.

What’s in a name?

As recent high-profile data breaches demonstrate, cyber criminals are seeking out documents containing company budgets, employee salaries and employee Social Security numbers. Their goal is often to disrupt the operations of these companies or to use this information for financial gain. It’s not uncommon for employees to use words like “bonus”, “budget” or “salary” in file names. The average enterprise has:

  • 7,886 docs with “budget” in the file name.
  • 6,097 docs with “salary” in the file name.
  • 2,681 docs with “bonus” in the file name.
  • 2,217 docs with “confidential” in the file name.
  • 1,156 docs with “password” in the file name.
  • 1,384 docs with “passport” in the file name
  • 248 docs with “confidential” in the file name.
  • 156 docs with “press release” in the file name.

Visit the Skyhigh website to download a copy of the Q4 Cloud Adoption & Risk Report.

About the Skyhigh Cloud Adoption & Risk Report

Skyhigh analyzes aggregated, anonymized cloud usage data for over 23 million users worldwide at companies across all major industries including: financial services, healthcare, public sector, education, retail, high tech, manufacturing, energy, utilities, legal, real estate, transportation and business services. Collectively, these users generate over 2 billion unique transactions in the cloud each day.

About Skyhigh Networks

Skyhigh Networks, the Cloud Security and Enablement Company, helps enterprises safely adopt cloud services while meeting their security, compliance and governance requirements. Over 500 enterprises including Aetna, Comcast, DIRECTV, HP and Western Union use Skyhigh to gain visibility into all cloud services in use and their associated risk; analyze cloud usage to identify security breaches, compromised accounts and insider threats; and seamlessly enforce security policies with encryption, data loss prevention, contextual access control and activity monitoring. Headquartered in Campbell, Calif., Skyhigh Networks is backed by Greylock Partners, Sequoia and You can follow us on Twitter @SkyhighNetworks or learn more at


Press Contact:

Katy Garlinghouse

Director of Corporate Communications

Skyhigh Networks

(408) 564-0278