Editorial

Four of top six cybersecurity incidents related to insider actions

Netwrix study shows eight out of ten CIOs are concerned users might ignore IT policies and guidelines

Posted 9 December 2020 by Christine Horton

Cybersecurity risks related to insiders are now more common than those from external threat actors.

That’s according to additional findings from the 2020 Netwrix Cyber Threats Report into the cyber threats IT pros are facing.

The research shows that since organisations went remote, four of the top six types of cybersecurity incidents they experienced were caused by internal users: accidental mistakes by admins (suffered by 27 percent of respondents), accidental improper sharing of data by employees (26 percent), misconfiguration of cloud services (16 percent) and data theft by employees (14 percent).

Therefore, it is not surprising that 79 percent of CIOs worry that users are now more likely to ignore IT policies and thus pose a greater threat to security.

Moreover, incidents related to inside actors were among the hardest for organisations to detect. For example, a significant portion of respondents needed weeks or months to detect data theft by employees (26 percent), improper employee data sharing (18 percent) and admin mistakes (12 percent).

If you liked this content…

Other survey findings include:

  • Incidents caused by admin mistakes were more common for large enterprises (1,001+ employees) than for mid-sized and small organisations. 33 percent of large enterprises reported suffering at least one incident caused by a negligent admin since working from home (WFH) began
  • 70 percent of financial organisations are concerned about insider data theft during the current remote work phase. Pre-pandemic, only 30 percent were focused on this risk
  • 41 percent of educational institutions reported improper sharing of sensitive records by employees, which is the highest result among all verticals analysed

“In this age of remote work, the insider threat can’t go unaddressed. We cannot emphasise enough the importance of paying attention to how employees handle sensitive data and follow security policies,” said Ilia Sotnikov, VP of product management at Netwrix.

“Now is the time to revisit the founding principles of security — including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions — to ensure that insider misbehaviour is detected and addressed in a timely manner.”

Research from September revealed 61 percent of firms reported at least one insider attack over the last 12 months. Moreover, 22 percent reported at least six separate attacks.
Event Logo

If you are interested in this article, why not register to attend our Think Digital Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now