Nearly nine in 10 chief information security officers (CISO) sacrificed cybersecurity to quickly enable personnel to work remotely due to the coronavirus (COVID-19) pandemic, a recent report said.
As a result, cyber risks mapped to corporate employees are now more common than those attributed to external threat actors, data security specialist Netwrix said in its newly released 2020 Netwrix Cyber Threats Report. According to the Irvine, California-based company’s survey of 937 IT professionals:
- 39% tightened their data security during the pandemic but 24% reported that their organization is at greater cybersecurity risk than before.
- 63% reported an increase in the frequency of cyber attacks.
- 60% found new security gaps as a result of the transition to remote work.
- 58% reported employees ignoring cybersecurity policies and guidelines.
The most common incidents reported since transition to remote work resulted from human error, with numerous incidents of phishing, admin mistakes and improper data sharing by employees, Netwrix said. Four of the top six types of cybersecurity incidents respondents experienced were linked to company insiders:
- Accidental mistakes by administrators: 27 percent.
- Accidental improper data sharing by employees: 26 percent.
- Misconfiguration of cloud services: 16 percent.
- Data theft by employees: 14 percent.
Along those lines, nearly 80 percent of chief information officers (CIOs) worry that users are now more likely to ignore IT policies and thus pose a greater threat to corporate security, the data showed.
Additional findings include:
- 33% of large enterprises reported suffering at least one incident caused by a negligent admin since remote working began. Takeaway: Incidents caused by admin mistakes were more common for large enterprises than for mid-sized and small organizations.
- 70% of financial organizations are concerned about insider data theft during the current remote work phase. Takeaway: Pre-pandemic, only 30% were focused on this risk.
- 41% of educational institutions reported improper sharing of sensitive records by employees. Takeaway: Among all verticals analyzed in the study, this was the highest result.
“We cannot emphasize enough the importance of paying attention to how employees handle sensitive data and follow security policies,” said Ilia Sotnikov, Netwrix product management vice president. “Now is the time to revisit the founding principles of security, including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions, to ensure that insider misbehavior is detected and addressed in a timely manner,” Sotnikov said.