Concern about intentional data theft has doubled while fear of accidental data sharing has nearly halved, according to Netwrix?s 2020 Cyber Threats Report.
Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home initiatives changed the IT risk landscape.
Of all the verticals the online survey analyzed, the financial industry exhibited the most drastic changes in cybersecurity priorities. Concern about VPN exploitation skyrocketed, with a whopping 94% of respondents naming it a top security risk. Worry about supply chain compromise also soared, from 50% to 97%. The number of organizations prioritizing deliberate data theft more than doubled, from 30% pre-pandemic to 70% now, while concern about accidental data sharing dropped from 80% to 50%.
Despite this increased concern about malicious activity, the most commonly reported incidents involved human errors: 48% of respondents had users fall for phishing attacks in the first few months of the pandemic, 31% suffered improper data sharing, and 28% experienced incidents caused by admin mistakes.
Other findings discovered by the survey include:
- 30% of financial organizations feel they are at greater cybersecurity risk now than they were pre-pandemic. The majority (64%) are concerned about both more frequent cyberattacks and the security gaps caused by remote work.
- 14% of respondents reported a supply chain compromise since the pandemic began. Though this event is seen as a critical risk by nearly all financial organizations now, the victims were particularly slow in detecting it: 76% needed days, weeks or months.
- Insecure data sharing took the longest to detect: 51% required days to flag the incident, while 19% needed weeks and 11% required months.
?In the financial sector, concern about malicious access to sensitive data skyrocketed in the first few months of the pandemic, more so than in any other vertical. However, the majority of incidents at financial organizations during that period were actually caused by the human element. To minimize both malicious and inadvertent data loss, this industry should heed cybersecurity experts, who recommend combining regular end-user training with flexible solutions that can proactively identify and protect sensitive data and spot attacks before they become breaches,? said Ilia Sotnikov, VP of Product Management at Netwrix.