OneDrive for Business – Rising in Popularity and Data Breaches
According to Skyhigh Networks, OneDrive for Business is leading the Microsoft pack and has displaced Exchange Online as the most used Office 365 application. But data vulnerabilities and potential data breaches in OneDrive for Business are detracting from its success. Seriously, Office 365 and OneDrive for Business are gold mines for cybercriminals.
First of all, let’s gain some perspective. According to Skyhigh Networks, the average Office 365 account uploads 1.37 TB of data to Yammer, SharePoint Online, and OneDrive for Business every month. That’s the equivalent of 120 million pages of Microsoft Word documents. Analyzing the data, it was found that 17.4% of the content in OneDrive for Business contained some form of sensitive information, including payment, healthcare, personal, or confidential data. Naptime over, do you think end user training is needed?
With companies typically experiencing 5.1 security incidents per month, the cloud is not as safe as some would still like to believe. According to Microsoft, Office 365 saw a growth in malware of 600% last year, with ransomware being the most pervasive form of attack. Why not? For mere pennies per month, cybercriminals can buy their own license of Office 365 and understand the ins and outs of the security. It actually is a great target. After that lovely thought, be aware that 92% of organizations have user credentials for sale on the dark web. I am beginning to wonder why any hacker would fail.
Just when you thought it couldn’t get worse, it does. Trust me. Skyhigh Network’s research also found that, “9.2% of documents in file sharing services shared externally contain sensitive data. And of shared files, 12.9% are accessible by everyone in the company, which can be risky for certain types of data. The average company stores 6,097 files with “salary” in the file name in file sharing services, and 1,156 files with “password” in the file name, evidencing the fact that users often fail to consider even basic security best practices when storing data in the cloud.” Did I already suggest training?
Enter data loss prevention (DLP). What’s the problem? 17.4% of the documents stored in OneDrive contain sensitive information. But DLP works after the fact. Encryption is a security feature for OneDrive, but cybercriminals are now using encryption. DLP isn’t going to flag the payroll or password documents. End users will get a warning if they try to upload a document with a standard descriptor that DLP includes. If the content is sensitive to the organization, it won’t be flagged.
We understood this. Our conceptClassifier platform and conceptClassifier for OneDrive for Business application can identify and protect any organizationally-defined confidential or sensitive information, from within content. And they can be run in real time.
Easily-defined workflows, developed with business users in mind, can be rapidly created to automate the entire process, including identification, classification, changing the content type, moving to a secure repository, and preventing download capabilities. Of course, they will also identify the standard descriptors. Since our technology automatically generates metadata consisting of phrases and concepts, you aren’t limited in what you can search for.
What are you doing about security in the cloud? Do you have all the bells and whistles? What are you doing about the cybercriminals already inside your organization?
Our webinars also address the topics explored in our blogs. Access all our webinar recordings and presentation slides at any time, from our website, in the Recorded Webinars area, via the Resources tab.