Cybersecurity threats related to insider actions are now more common than threats from external actors, according to a report by cybersecurity vendor Netwrix.
Since organisations switched to remote work as a result of the COVID-19 pandemic, four of the top six types of cybersecurity incidents they experienced were caused by internal users, the report found. Those four were accidental mistakes by admins (reported by 27% of respondents), accidental improper sharing of data by employees (26%), misconfiguration of cloud services (16%) and data theft by employees (14%).
“Based on the findings, it is not surprising that 79% of CIOs worry that users are now more likely to ignore IT policies and thus pose a greater threat to security,” Netwrix said. “Moreover, incidents related to inside actors were among the hardest to detect.”
For example, the study found that “a significant portion” of respondents took weeks or months to detect data theft by employees (26%), improper employee data sharing (18%) and admin mistakes (12%).
Other findings included:
- Incidents caused by admin errors were more common for large companies (more than 1,000 employees) than for small and mid-sized organisations. Thirty-three percent of large enterprises reported at least one incident caused by a negligent admin since remote work began.
- 70% of financial organisations are concerned about insider data theft during the current remote work phase. Pre-pandemic, only 30% worried about the risk.
- 41% of educational institutions reported improper sharing of sensitive records by employees – the highest result among all verticals analysed in the survey.
“In this age of remote work, the insider threat can’t go unaddressed,” said Ilia Sotnikov, vice president of product management at Netwrix. “We cannot emphasise enough the importance of paying attention to how employees handle sensitive data and follow security policies. Now is the time to revisit the founding principles of security – including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions – to ensure that insider misbehaviour is detected and addressed in a timely manner.”