Cybersecurity Training Remains Important Even In Lockdowns

November 19, 2020

According to Netwrix's 2020 Cyber Threats Report, 25 percent of Information Technology (IT) professionals feel like their organization is exposed to more cyber risks than before the pandemic.

Among respondents who feel more vulnerable, 63 percent said their organization has experienced more frequent cyberattacks, while 60 percent said that transitioning to remote work exposed new security gaps.

Eighty-five percent of chief information security officers surveyed said they had sacrificed cybersecurity in order to transition to remote work quickly. In addition, 54 percent said they lack the visibility to ensure proper data protection.

The most common threats respondents have faced since transitioning to remote work are: 1. phishing (48 percent); 2. administrator mistakes (27 percent); and 3. employees improperly sharing data (26 percent).

The survey also found that 25 percent of organizations suffered a ransomware or malware attack during the first three months of the pandemic. Although only 14 percent had experienced employees stealing data, 66 percent said they worry about it, an increase since before the pandemic. Supply chain compromises are the attack that took the longest to detect.

Netwrix surveyed 937 IT professionals globally for the report. "Survey: 85% of CISOs Admit they Sacrificed Cybersecurity to Quickly Enable Employees to Work Remotely" netwrix.com (Sep. 22, 2020).

 

Commentary

All of the top risks that respondents to the 2020 Cyber Threats Report have faced since transitioning to remote work are related to human error.

Annual cybersecurity training is essential to teach all members of the organization cyber best practices and reduce your risk from human error. Do not assume that your top executives and IT leaders do not need to be included in training. Administrators and senior leaders frequently create exposure, and their mistakes are even more dangerous because they have access to more data.

Minimize sharing of information by only allowing employees access to data that they need to perform their job and limiting the number of administrators. Train everyone to use unique passwords on every account and to never share their login credentials with anyone.

Rapid incident detection is also key. Even with proper training, there is always a risk that someone in your organization will slip up and open the door to a cybercriminal. If that does happen, knowing about it as soon as possible will help you minimize damage. Create a system to monitor activity on the network and notify IT of any odd activity.

Finally, your opinion is important to us. Please complete the opinion survey:

News

Credential Stuffing: A Singular Reason Why You Need To Have Different Passwords For Your Accounts

The FBI warns businesses of the growing threat of compromised login credentials. User password behavior is a big part of the cause. We examine. Read More

Is Having A "Gold Image" The Key To Defeating Ransomware?

A hospital employer says a cyberattack led to the death of a patient. Read how quality backups keep clients safe and allow you to say "no" to paying cybercriminals. Read More

Cybersecurity Training Remains Important Even In Lockdowns

Minimizing administrator privileges and conducting annual training are two ways to keep data safe. Learn more. Read More