Insider Security Risk Soars During Lockdown

Uploaded on 2020-12-15 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The number of corporate insider threats are now seen as far more critical to cyber security than before the Coronavirus made remote working the new normal, according to a new Report from the information security & governance experts at Netwrix.  
 
They  polled 937 IT professionals about how the COVID-19 crisis has changed the risk landscape and it has now published its 2020 Cyber Threats Report
 
The Report finds that 39% of respondents said they improved their cyber security during the virus, but nearly 25% thought there was now far higher cyber risks than before the lockdown. 
 
Around a quarter admitted they feel more vulnerable to threats now than before the pandemic, with 85% of CISOs admitting they sacrificed cybersecurity to rapidly support remote working. As a result, 60% of respondents are concerned they may have left some security gaps in the process. 
 
In many cases, it is concerns about user behavior that dominate: 58% believe that employees might ignore security rules and put data at risk. The main insider risks highlighted by respondents as a critical threat to the organisation are:
 
  • Accidental improper sharing of data (68%)
  • Misconfiguration of cloud services (66%)
  • Accidental mistakes by IT administrators (62%)
  • Data theft by employees (66%).
 
Accidental IT admin mistakes and improper sharing of data were the most common incident experienced by organisations, after phishing. They were also among the hardest to detect; both took days rather than hours or minutes to spot in over a third of cases. 
 
Large enterprises were more likely to experience IT administrator mistakes: 33% reported suffering at least one incident since working from home began.
 
To help you protect your organisation and remote workers from cyber attack, Netwrix offers the following advice:
  • Provide regular user training on how to identify suspicious links and attachments and how to report them.
  • Enable continuous IT auditing with alerts on signs of ransomware in progress, such as unusual spikes of activity across file repositories.
  • Harden data access governance by revoking excessive access rights.
  • Establish and rigorously enforce a least-privilege model.
  • Use privileged access management (PAM) solutions to restrict admin activity.
  • Automate change auditing across key IT systems to detect issues as they emerge.
  • Conduct periodic reviews to spot any deviations in system configuration from a healthy baseline.
 
Netwrix:      TechRepublic:      Infosecurity Magazine:       Dark Reading
 
You Might Also Read:
 
Remote Working: Five Best Ways To Prevent A Data Breach:
 
 
« The Personal Data Being Used To Get Your Vote
E-Businesses That Don’t Require Employees »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Beachhead Solutions

Beachhead Solutions

Beachhead's SimplySecure is a configurable, web-based management tool allowing you to remotely secure vulnerable mobile devices in your organization.

National Association of Software and Services Companies (NASSCOM) - India

National Association of Software and Services Companies (NASSCOM) - India

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

HaystackID

HaystackID

HaystackID provides industry-leading computer forensics, eDiscovery, and attorney document review experts to help with complex, data-intensive investigations and litigation.

TENEX

TENEX

TENEX is a cybersecurity company leveraging advanced artificial intelligence and human expertise to transform enterprise security.