Insider Security Risk Soars During Lockdown
Corporate insider threats are now seen as far more critical to cyber security than before the Coronavirus made remote working the new normal, according to a new report from the information security & governance experts at Netwrix.
Netwrix polled 937 IT professionals about how the COVID-19 crisis has changed the risk landscape and has now published its 2020 Cyber Threats Report.
The report finds that 39% of respondents said they improved their cyber security during the pandemic, but nearly 25% thought there were now far higher cyber risks than before the lockdown.
Around a quarter admitted they feel more vulnerable to threats now than before the pandemic, with 85% of CISOs admitting they sacrificed cybersecurity to rapidly support remote working. As a result, 60% of respondents are concerned they may have left some security gaps in the process.
In many cases, it is concerns about user behavior that dominate: 58% believe that employees might ignore security rules and put data at risk. The main insider risks highlighted by respondents as a critical threat to the organisation are:
- Accidental improper sharing of data (68%)
- Misconfiguration of cloud services (66%)
- Accidental mistakes by IT administrators (62%)
- Data theft by employees (66%)
Accidental IT admin mistakes and improper sharing of data were the most common incidents experienced by organisations, after phishing. They were also among the hardest to detect; both took days rather than hours or minutes to spot in over a third of cases.
Large enterprises were more likely to experience IT administrator mistakes: 33% reported suffering at least one incident since working from home began.
To help you protect your organisation and remote workers from cyber attack, Netwrix offers the following advice:
- Provide regular user training on how to identify suspicious links and attachments and how to report them.
- Enable continuous IT auditing with alerts on signs of ransomware in progress, such as unusual spikes of activity across file repositories.
- Harden data access governance by revoking excessive access rights.
- Establish and rigorously enforce a least-privilege model.
- Use privileged access management (PAM) solutions to restrict admin activity.
- Automate change auditing across key IT systems to detect issues as they emerge.
- Conduct periodic reviews to spot any deviations in system configuration from a healthy baseline.