Insider Security Risk Soars During Lockdown

Uploaded on 2020-12-15 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The number of corporate insider threats are now seen as far more critical to cyber security than before the Coronavirus made remote working the new normal, according to a new Report from the information security & governance experts at Netwrix.  
 
They  polled 937 IT professionals about how the COVID-19 crisis has changed the risk landscape and it has now published its 2020 Cyber Threats Report
 
The Report finds that 39% of respondents said they improved their cyber security during the virus, but nearly 25% thought there was now far higher cyber risks than before the lockdown. 
 
Around a quarter admitted they feel more vulnerable to threats now than before the pandemic, with 85% of CISOs admitting they sacrificed cybersecurity to rapidly support remote working. As a result, 60% of respondents are concerned they may have left some security gaps in the process. 
 
In many cases, it is concerns about user behavior that dominate: 58% believe that employees might ignore security rules and put data at risk. The main insider risks highlighted by respondents as a critical threat to the organisation are:
 
  • Accidental improper sharing of data (68%)
  • Misconfiguration of cloud services (66%)
  • Accidental mistakes by IT administrators (62%)
  • Data theft by employees (66%).
 
Accidental IT admin mistakes and improper sharing of data were the most common incident experienced by organisations, after phishing. They were also among the hardest to detect; both took days rather than hours or minutes to spot in over a third of cases. 
 
Large enterprises were more likely to experience IT administrator mistakes: 33% reported suffering at least one incident since working from home began.
 
To help you protect your organisation and remote workers from cyber attack, Netwrix offers the following advice:
  • Provide regular user training on how to identify suspicious links and attachments and how to report them.
  • Enable continuous IT auditing with alerts on signs of ransomware in progress, such as unusual spikes of activity across file repositories.
  • Harden data access governance by revoking excessive access rights.
  • Establish and rigorously enforce a least-privilege model.
  • Use privileged access management (PAM) solutions to restrict admin activity.
  • Automate change auditing across key IT systems to detect issues as they emerge.
  • Conduct periodic reviews to spot any deviations in system configuration from a healthy baseline.
 
Netwrix:      TechRepublic:      Infosecurity Magazine:       Dark Reading
 
You Might Also Read:
 
Remote Working: Five Best Ways To Prevent A Data Breach:
 
 
« The Personal Data Being Used To Get Your Vote
E-Businesses That Don’t Require Employees »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Assuria

Assuria

Assuria Cyber Security solutions provide protective monitoring of systems and user activity across the whole IT infrastructure.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.