Cybersecurity Training Remains Important Even In Lockdowns

November 19, 2020

According to Netwrix's 2020 Cyber Threats Report, 25 percent of Information Technology (IT) professionals feel like their organization is exposed to more cyber risks than before the pandemic.

Among respondents who feel more vulnerable, 63 percent said their organization has experienced more frequent cyberattacks, while 60 percent said that transitioning to remote work exposed new security gaps.

Eighty-five percent of chief information security officers surveyed said they had sacrificed cybersecurity in order to transition to remote work quickly. In addition, 54 percent said they lack the visibility to ensure proper data protection.

The most common threats respondents have faced since transitioning to remote work are: 1. phishing (48 percent); 2. administrator mistakes (27 percent); and 3. employees improperly sharing data (26 percent).

The survey also found that 25 percent of organizations suffered a ransomware or malware attack during the first three months of the pandemic. Although only 14 percent had experienced employees stealing data, 66 percent said they worry about it, an increase since before the pandemic. Supply chain compromises are the attack that took the longest to detect.

Netwrix surveyed 937 IT professionals globally for the report. "Survey: 85% of CISOs Admit they Sacrificed Cybersecurity to Quickly Enable Employees to Work Remotely" netwrix.com (Sep. 22, 2020).

 

Commentary

All of the top risks that respondents to the 2020 Cyber Threats Report have faced since transitioning to remote work are related to human error.

Annual cybersecurity training is essential to teach all members of the organization cyber best practices and reduce your risk from human error. Do not assume that your top executives and IT leaders do not need to be included in training. Administrators and senior leaders frequently create exposure, and their mistakes are even more dangerous because they have access to more data.

Minimize sharing of information by only allowing employees access to data that they need to perform their job and limiting the number of administrators. Train everyone to use unique passwords on every account and to never share their login credentials with anyone.

Rapid incident detection is also key. Even with proper training, there is always a risk that someone in your organization will slip up and open the door to a cybercriminal. If that does happen, knowing about it as soon as possible will help you minimize damage. Create a system to monitor activity on the network and notify IT of any odd activity.

Finally, your opinion is important to us. Please complete the opinion survey:

News

Identifying Employee Personality Typing May Help Blunt Cybercrime

New research finds that personality type may determine an employee's strengths and weaknesses as it relates to cyber threats. We examine. Read More

Bad State Actors And Criminals Are Focusing On Updates After SolarWinds Hack

Cybercriminals often hack organizations or spoof software updates to spread malware. We examine. Read More

Knowing Internal Online Habits Helps Limit The Risk Of Cloud-Based Malware Attacks

McAfee's second quarter report reveals a significant rise in malware attacks, particularly in cloud-based user accounts. We examine. Read More