Insider Cybersecurity Risk Soars During Lockdown
Many insider threats are now considered more critical to corporate cybersecurity than before the pandemic, as organizations struggle to manage remote working staff, according to Netwrix.
The security vendor polled 937 IT professionals about how the COVID-19 crisis has changed the risk landscape, to compile its 2020 Cyber Threats Report.
Around a quarter admitted they feel more vulnerable to threats now than before the pandemic, with 85% of CISOs admitting they sacrificed cybersecurity to rapidly support remote working. As a result, 60% of respondents are concerned they may have left some security gaps in the process.
In many cases, it is concerns about user behavior that dominate: 58% believe that employees might ignore security rules and put data at risk.
The main insider risks highlighted by respondents as a critical threat to the organization are: accidental improper sharing of data (68%); misconfiguration of cloud services (66%); accidental mistakes by IT administrators (62%) and data theft by employees (66%).
Accidental IT admin mistakes (27%) and improper sharing of data (26%) were the second and third most common incident experienced by organizations, after phishing.
They were also among the hardest to detect; both took days rather than hours or minutes to spot in over a third of cases.
Large enterprises were more likely to experience IT administrator mistakes: 33% reported suffering at least one incident since working from home began.
“In this age of remote work, the insider threat can’t go unaddressed. We cannot emphasize enough the importance of paying attention to how employees handle sensitive data and follow security policies,” argued Ilia Sotnikov, VP of product management at Netwrix.
“Now is the time to revisit the founding principles of security — including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions — to ensure that insider misbehavior is detected and addressed in a timely manner.”