- Pandemic created new attack vectors
- Supply chain compromise is the main fear of public sector employees
- Ransomware remains one of the biggest threats during the work-from-home period of the pandemic
The public sector believes the pandemic has significantly increased the risk of cyberattacks, according to a new survey from Netwrix.
One aspect of the pandemic that no one anticipated uniquely impacted all industry branches and the public sector. People started to work from home in large numbers, creating an unexpected attack vector for threat actors.
Suddenly, hackers no longer had to deal with complex, robust security networks that protectemployees. People now trust a four-year-old router that manufacturers haven't patched in its entire lifetime. Feeling uneasy about possible breaches is not uncommon.
Netwrix surveyed 937 IT professionals worldwide to learn how their threat landscape and priorities have changed due to this massive shift to remote work.
"Nearly all respondents (98%) are now concerned about supply chain compromise, 95% named VPN exploitation as a top threat and 82% cited credential stuffing," found the survey.
"Another drastic shift is related to the misconfiguration of cloud services: 88% of government agencies now say that cloud misconfiguration is a top security threat, while pre-pandemic, only 25% said it was critical. However, only 11% of incidents reported during the first three months of the pandemic were actually caused by this scenario."
Ever since organizations and the public sector employees went remote, phishing has represented 53 percent of all incidents, while ransomware came second with 26 percent, and supply chain compromise was in last place with only six percent. Somehow, the reality of the situation is almost reversed from the expectations of employees.
Among government agencies that feel they are at greater risk, 86% worry about more severe cyberattacks, the highest percentage among all the verticals in the survey, the survey also revealed. One of the most common problems is that employees tend to ignore existing security policies. This is exacerbated by people working from a relaxed home environment.