Netwrix has published additional findings from its 2020 Cyber Threats Report. Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home initiatives changed the IT risk landscape.
Because healthcare organisations are on the front line of the battle to contain COVID-19, they had to revise their cybersecurity priorities more quickly than perhaps any other vertical market. Pre-pandemic, they were mostly concerned about employees accidently sharing sensitive data (88%) and rogue admins (80%); today they are worried about phishing (87%), admin mistakes (71%) and data theft by employees (71%).
As it turns out, their perceptions of risk are both founded and unfounded. They are correct to be concerned about phishing and IT staff errors, since those types of incidents were experienced by 37% and 39% of respondents, respectively, during the first few months of the pandemic. However, even though 37% suffered improper data sharing, concern about this risk plummeted by 32 percentage points since the pandemic began.
Other findings discovered by the survey include:
“With 39% of healthcare organisations experiencing incidents due to errors by IT staff, this industry should pay particular attention to the activities of privileged users. Even one mistake can bring the entire organisation to a standstill, leaving it unable to take care of patients. To mitigate the risk of admin mistakes, it is essential to rigorously enforce the least privilege principle through regular privilege attestation. To ensure quick detection of unauthorised modifications, healthcare organisations are advised to automate both monitoring of changes and checking of all system configurations against a healthy baseline,” said Ilia Sotnikov, VP of Product Management at Netwrix.