Insider Security Risk Soars During Lockdown

The number of corporate insider threats are now seen as far more critical to cyber security than before the Coronavirus made remote working the new normal, according to a new Report from the information security & governance experts at Netwrix.  
 
They  polled 937 IT professionals about how the COVID-19 crisis has changed the risk landscape and it has now published its 2020 Cyber Threats Report
 
The Report finds that 39% of respondents said they improved their cyber security during the virus, but nearly 25% thought there was now far higher cyber risks than before the lockdown. 
 
Around a quarter admitted they feel more vulnerable to threats now than before the pandemic, with 85% of CISOs admitting they sacrificed cybersecurity to rapidly support remote working. As a result, 60% of respondents are concerned they may have left some security gaps in the process. 
 
In many cases, it is concerns about user behavior that dominate: 58% believe that employees might ignore security rules and put data at risk. The main insider risks highlighted by respondents as a critical threat to the organisation are:
 
  • Accidental improper sharing of data (68%)
  • Misconfiguration of cloud services (66%)
  • Accidental mistakes by IT administrators (62%)
  • Data theft by employees (66%).
 
Accidental IT admin mistakes and improper sharing of data were the most common incident experienced by organisations, after phishing. They were also among the hardest to detect; both took days rather than hours or minutes to spot in over a third of cases. 
 
Large enterprises were more likely to experience IT administrator mistakes: 33% reported suffering at least one incident since working from home began.
 
To help you protect your organisation and remote workers from cyber attack, Netwrix offers the following advice:
  • Provide regular user training on how to identify suspicious links and attachments and how to report them.
  • Enable continuous IT auditing with alerts on signs of ransomware in progress, such as unusual spikes of activity across file repositories.
  • Harden data access governance by revoking excessive access rights.
  • Establish and rigorously enforce a least-privilege model.
  • Use privileged access management (PAM) solutions to restrict admin activity.
  • Automate change auditing across key IT systems to detect issues as they emerge.
  • Conduct periodic reviews to spot any deviations in system configuration from a healthy baseline.
 
Netwrix:      TechRepublic:      Infosecurity Magazine:       Dark Reading
 
You Might Also Read:
 
Remote Working: Five Best Ways To Prevent A Data Breach:
 
 
« The Personal Data Being Used To Get Your Vote
E-Businesses That Don’t Require Employees »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

VTT Technical Research Centre of Finland

VTT Technical Research Centre of Finland

VTT is the leading research and technology company in the Nordic countries. Areas of activity include cyber security.

cPacket Networks

cPacket Networks

cPacket’s distributed intelligence enables network operators to proactively identify imminent issues before they negatively impact end-users.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

HTX (Home Team Science & Technology Agency)

HTX (Home Team Science & Technology Agency)

HTX brings together science and engineering capabilities to transform the homeland security landscape and keep Singapore safe.

MARS Suite

MARS Suite

MARS Suite is your all-in-one solution for cyber protection & compliance. Cybersecurity and risk management is what we do best. And we’re making it simple and easy.

Insane Cyber

Insane Cyber

Insane Cyber make cybersecurity easier to manage through automated, easy-to-use software and expert support and partnership.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.