A new 2020 Cyber Threats Report from Netwrix summarizes feedback from 937 IT professionals worldwide about the recent cyberthreats they have faced and how quickly they were able to respond. Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home (WFH) initiatives changed the IT risk landscape.
The survey revealed that every fourth organization feels that they are exposed to more risks than before the pandemic. Of them, 63% reported an increase in the frequency of cyberattacks and 60% found new security gaps as a result of the transition to remote work. What is more worrisome is that 85% of CISOs said that they had sacrificed cybersecurity to quickly enable remote work.
Organizations were asked to list the incidents they have experienced since the transition to remote work; the most common threat patterns were dependent on the human factor: phishing (48%), admin mistakes (27%) and improper data sharing by employees (26%).
Other findings discovered by the survey include:
- 25% reported suffering a ransomware or other malware attack during the first three months of the pandemic; 47% were able to spot it in minutes.
- Though only 14% of organizations encountered data theft by employees, 66% are anxious about this scenario, compared to just over half pre-pandemic.
- Supply chain compromises took the longest to detect: 55% needed days, weeks or even months to flag these incidents.
- 54% of CISOs admit to lacking the visibility needed to ensure proper data protection.
- 66% of the IT professionals surveyed regularly report to their executive leadership on the state of cybersecurity. The most common measure used is incident statistics; less than a quarter of respondents calculate financial metrics for their security projects.
“The broad disruption to businesses and swift transition to WFH caused by the pandemic forced many organizations to prioritize service availability over security. Now that we are all more comfortable with the new normal, IT and security pros should re-examine their earlier decisions with the goal of closing security gaps. This requires identifying sensitive information and reducing its exposure, gaining visibility into user activity, and automating change and configuration auditing to ensure rapid incident detection,” said Steve Dickson, CEO of Netwrix.