What Do the IT, Finance, and Healthcare Industries All Share?

A penchant for malware and data leaks, it seems. The cloud access security company Skyhigh Networks released its fifth quarterly Cloud Adoption and Risk Report (registration required) and found that the financial services industry is the second-riskiest vertical based on employee behavior. A close third is healthcare. The findings are based on the average number of malware incidents and data exfiltration events collected over the last quarter from more than 10.5 million enterprise employees across major industry verticals.
I understand IT may be more susceptible. All of us IT-type folks (including marketing) seem to be unafraid of software and potential security implications (unless you are a security professional). This makes some sense, since these companies tend to be early adopters and “have permissive policies regarding the use of cloud services.”
Now, as a person who puts money in the bank, and trusts (sort of) the healthcare industry, I was rather surprised that they are a very close second and third among the industries that have the highest risk for malware and data leaks.
Though enterprises have begun adopting cloud applications to expand their business, employees are bringing many of their own apps into the workplace and onto corporate devices. In 2014, the average number of cloud services used by an enterprise came in at 738, 10 times more than what IT typically expects from its employees.
According to the article, “employees put many kinds of sensitive information into cloud applications that their corporate IT does not support, like Sharefile and Dropbox. And something as simple as logging into Evernote or a photo-sharing app with the same password as the one used for a corporate account can offer an easy avenue for hackers.”
Skyhigh considers cloud applications high-risk when they lack security features like multi-factor authentication and encryption and have grey areas in the user agreements around the rights to use data uploaded to the program. These applications may also have “a discouraging known-compromise history” and permit risky behaviors, such as anonymous use. According to the report, the average company uploaded 86.5 GB to a high-risk service.
According to the author, “the report raises an alarm because regulated companies are pretty flush with resources to build an infrastructure that maintains risk, he said, but at the end of the day, these verticals find they are not that much better in terms of risk.”
Not that much better? Of all the industries I can think of, finance and healthcare, as far as I am concerned, should be leading the way, not trailing behind.