Insider threats now more common than external ones
A new report from Netwrix shows that cybersecurity risks related to insiders are now more common than external threat actors.
In fact, since organizations have increased remote working, four of the top six types of cybersecurity incidents they experienced have been caused by internal users. These are: accidental mistakes by admins (27 percent), accidental improper sharing of data by employees (26 percent), misconfiguration of cloud services (16 percent) and data theft by employees (14 percent).
Not surprising then that 79 percent of CIOs worry that users are now more likely to ignore IT policies and thus pose a greater threat to security. Incidents related to inside actors are also among the hardest for organizations to detect. For example, a significant portion of respondents needed weeks or months to detect data theft by employees (26 percent), improper employee data sharing (18 percent) and admin mistakes (12 percent).
"In this age of remote work, the insider threat can't go unaddressed," says Ilia Sotnikov, VP of product management at Netwrix. "We cannot emphasize enough the importance of paying attention to how employees handle sensitive data and follow security policies. Now is the time to revisit the founding principles of security -- including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions -- to ensure that insider misbehavior is detected and addressed in a timely manner."
Among other findings, incidents caused by admin mistakes are more common for large enterprises (1,001+ employees) than for mid-sized and small organizations. 33 percent of large enterprises report suffering at least one incident caused by a negligent admin since working from home began.
Financial organizations are particularly worried with 70 percent concerned about insider data theft during the current remote work phase, where pre-pandemic, only 30 percent focused on this risk.
Of educational institutions 41 percent report improper sharing of sensitive records by employees, which is the highest result among all verticals analyzed.
The full report is available on the Netwrix site.
Image Credit: LeoWolfert/Shutterstock