Skip to content

4 insider threats that should keep you up at night

BetterCloud

June 12, 2019

6 minute read

4InsiderThreatsThatShouldKeepYouUpatNight ftr

SaaS is revolutionizing the workplace, making collaboration easier and work more efficient. As companies move to SaaS, however, new insider threats have arisen, leaving IT and security teams without the tools to properly solve for them. SaaS Operations Management is uncharted waters; therefore, admins are still learning how to fully secure their environments. In many cases they’re still discovering where threats lie within these new environments.

If this is something you’re struggling with, you’re not alone. In fact, it is something that everyone is trying to navigate.

Former BetterCloud’s CISO Carlos Batista and Principal Solutions Engineer Mohammed Khalid hosted a webinar to discuss four of the most common, and most insidious, insider threats that you should be on the lookout for in your SaaS environment.

First things first: What is an insider threat?

An insider threat, at least for our purposes, is a current or former employee, contractor, or business partner who has access to an organization’s network, systems, or data. There are three types of insider threats: compromised, malicious, and negligent.

A compromised insider threat is when your network is exploited by an outsider, like a hacker, through compromised credentials. A malicious insider is someone who intentionally causes harm, either for personal or financial gain. Finally, a negligent insider is an end user who means well but accidentally exposes sensitive information.

Believe it or not, 62% of IT professionals believe that the negligent end user is actually their biggest security risk.

Four of the most common insider threats in the digital workplace, and the four that are discussed in this webinar, are data theft, group misconfiguration, data sharing, and excessive permissions.

1.) Data theft

How it happens

Often times, employees believe that whatever they create at a job, whether that be a book of business, code, or graphics, is theirs. Legally, however, that isn’t the case, but that may not deter an employee from downloading or exporting large amounts of data before they leave your company. Unfortunately, there are a lack of controls natively available within SaaS apps that allow you to see if or when employees are taking data with them.

Why it matters

The departing employee may not see this as malicious, but that doesn’t mean that it isn’t a threat to your company. Data dumps from soon-to-be former employees could mean a potential loss of trade secrets, intellectual property, market share, or revenue for your company. What started off as a benign act could end up costing your company.

How to solve it with BetterCloud

Khalid demonstrates how you can protect your environment from data theft by setting up customizable alerts and creating automated remediation policies in BetterCloud.

BetterCloud’s alerts and remediation actions are flexible, allowing you to secure your environment in the way that best fits your needs.

Poll question: How worried are you about employees taking data with them?


According to our webinar poll, 73% of IT professionals are very or somewhat worried about employees taking data with them. It’s important to note that none of the respondents are “not at all worried” about the threat of data loss. It’s a problem that everyone faces to some degree, but few people have a way to prevent it from happening in their environment.

2.) Group misconfiguration

How it happens

It’s difficult to keep track of all the groups across your SaaS applications. People will leave your organization or transfer departments, and contractors will finish their work. When this happens, you need to update your users’ group memberships, but it’s easy to overlook this. What ends up happening is security drift—people are left in groups that they don’t belong in and, therefore, retain access to confidential files that they should not have. Additionally, it’s easy to accidentally choose the wrong group settings when configuring your group. If your group is mistakenly made public, anyone is able to access and join your group, putting your data and security at risk.

Why it matters

When groups are misconfigured or people remain in groups they shouldn’t be in, this can result in inappropriate access to data and exposure of sensitive or confidential data.

How to solve it with BetterCloud

Group misconfiguration is a problem Khalid runs into with almost every customer he works with.

Khalid walks us through how to solve for group misconfiguration with BetterCloud. Not only does BetterCloud give you visibility into group settings, but it also gives you the ability to create alerts that will notify you when an external person is added to one of your groups.

Poll question: How do you currently keep track of external guests in your groups/channels?


Forty percent of our respondents use a manual process to keep track of external guests in groups, and an additional 20% don’t keep track at all. As Batista explains, “It’s a tough nut to crack.” He’s right. Unless you have a SaaS Operations Management platform in place, tracking group memberships is time consuming and difficult to stay on top of.

3.) Data sharing

How it happens

Data sharing is the most prevalent insider threat that we’ve seen. It’s very easy for an end user to accidentally misconfigure share settings, thus accidentally exposing sensitive data like credit card numbers, Social Security numbers, financial information, customer lists, etc.

Why it matters

Improper data sharing poses a huge threat to your company. It can result in data exposure, compliance fines, loss of intellectual property, loss of customer trust, negative press, brand reputation damage, drop in your share price—the list goes on, but in short, the negative repercussions could irreparably damage your business. Understanding how your data is shared is a vital step in managing your environment.

Our solutions engineers have seen improper data sharing in many of our customers’ environments—they have countless examples, both malicious and innocent, of improper data sharing and the implications it has for organizations.

One haunting story of data sharing gone wrong comes from a daycare. While Khalid was working in their environment, he found 15,000 pictures of young children shared publicly. Teachers had been sharing photos with parents, unaware that their share settings on the files made them public to anyone on the internet. This incident was a combination of a lack of education on the teacher’s side and a lack of visibility on IT’s side. However, this seemingly simple mistake put the privacy of children and the trust of the parents at risk.

How to solve it with BetterCloud

Determining if and where you have data shared is not always easy, but it is crucial in protecting your company. BetterCloud enables you to see who has shared what documents and automatically remediate any data exposures.

Poll question: Do you have a way to determine if you have any confidential data shared publicly?


Thirty-eight percent of our respondents either don’t have a way to determine if confidential data is shared publicly or aren’t sure if they do. While SaaS applications don’t natively give you much visibility into your environment, it is necessary to find a way to determine how your data is being shared.

P.S. Did you know that Slack is a file sharing platform? Most people don’t realize that users can create public links to files in Slack.

4.) Excessive permissions

How it happens

IT often has no choice but to make people super admins, since SaaS admin roles are natively binary. When a user requests elevated permissions, it’s not uncommon for the IT admin to grant that access and forget to take it away once the end user no longer needs it. To make things more complicated, there is no easy way to track permissions. This is how companies end up with too many super admins.

Why it matters

The least privilege model is best practice when it comes to super admins because each additional super admin you have in your environment increases your attack surface. The ability to have eyes on the number of super admins you have is vital in order to make sure you have thorough security in your SaaS environment.

How to solve it with BetterCloud

Excessive permissions are something that we see in almost every environment. Luckily, there is a three-part process you can set up in BetterCloud to help you remediate this problem.

Granular access roles allow you to give users the access they need to do their jobs, while also ensuring that no one has unnecessary elevated permissions.

Poll question: How are you managing who has admin access across your SaaS apps today?


The majority of admins (68%) are manually managing admin privileges across SaaS applications. Not only is this incredibly time consuming, but it’s also difficult to track even if you have the time to spare. This means that users with excessive access oftentimes slip through the cracks, leaving your workplace more vulnerable to attacks.

To learn more about how BetterCloud can help you detect and mitigate insider threats, request a demo.