Organizations’ fast shifts to remote work this year because of COVID-19 are about to “backfire.” That’s the warning from Ken Tripp, channel chief at cybersecurity vendor Netwrix.

MSSPs need to stand ready, he added. That’s because most enterprises, SMBs and other firms responding to the pandemic crisis loosened their digital security standards. They wanted employees to more easily do their jobs at home. Now, problems, including insider threats, abound.

“During this transition many mistakes could have been made — due to business pressure or new technologies that needed to be implemented,” Tripp told Channel Futures.

Referring to the company’s 2020 Cyber Threats Report, he said more than one-quarter (27%) of 937 IT professionals said admins made accidental – albeit still harmful – mistakes.

Netwrix’s Ken Tripp

“Half of them spend days, weeks or months to detect this incident, which means that more and more organizations will discover misconfigurations and unwanted changes in IT infrastructure,” Tripp said.

And there’s a nasty tipping point on the horizon.

“In 2021, these decisions will unfortunately backfire and make organizations revisit their previous decisions to identify whether the tradeoffs have created security gaps that could be exploited by hackers,” Tripp said.

Hackers aren’t the only issue. As other industry observers have noted in recent months, Netwrix says insider threats have grown more common than external ones. That will remain the case next year as COVID-19-related remote work continues. Forrester Research, for example, predicts insider threats will grow from 25% in 2020 to 33% in 2021.

Accidentally or Not, Employees Causing Security Problems

Forrester points to three main reasons for the uptick in insider threats. The first, of course, comes from the increase in remote work due to the COVID-19 pandemic. The second results from widespread COVID-19 shutdowns and their subsequent economic fallout. So many jobs are on the line that employees may act out. Third, people can move company data more easily than ever.

“Combined, these will produce an increase of 8 percentage points in insider incidents, from 25% today to 33% in 2021,” Forrester analysts wrote. “The overall number of insider threats will also be pushed higher as firms get better at identifying and attributing incidents to insider activity.”

In fact, Netwrix found since organizations went remote, four of the top six types of cybersecurity incidents came from staff. Those include accidental mistakes by admins (suffered by 27% of respondents) and accidental improper sharing of data by employees (26%). There also was misconfiguration of cloud services (16%) and data theft by employees (14%).

This is causing 79% of CIOs to fret, according to Netwrix. They believe users are now more likely to ignore IT policies and pose greater risks to security than ever before.

“MSSPs need to offer dedicated work-from-home and back-to-office services that will target data security protection against insider threats, and help organizations to assess their current security posture to identify security gaps,” Tripp said.

‘The Insider Threat Can’t Go Unaddressed’

To that end, MSSPs must provide a comprehensive security program that targets all types of insiders. That’s business users, IT teams, contractors, partners, etc.

One MSP, Integritek, is doing just that, starting with its own employees. Overprivileged users represent the weakest links, CEO Brett Paulson told Channel Futures.

Integritek’s Brett Paulson

“I can’t talk exactly about what we’re doing there because there’s some secret sauce,” he says. But, he said, “my current thought is that I’m not doing the industry any good by having secret sauce.”

Because of that, Integritek likely will add its insider threat platform to its roster of services.

“We’re trying to help SMBs become better, more efficient,” he says. “As SMBs grow, the MSP space just grows organically.”

MSSPs also can deploy existing platforms such as Code42’s Incydr. Regardless of how each MSSP decides to approach insider cybersecurity threats, don’t procrastinate.

Netwrix’s Ilia Sotnikov

“In this age of remote work, the insider threat can’t go unaddressed,” said Ilia Sotnikov, vice president of product management at Netwrix. “We cannot emphasize enough the importance of paying attention to how employees handle sensitive data and follow security policies. Now is the time to revisit the founding principles of security – including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions – to ensure that insider misbehavior is detected and addressed in a timely manner.”

Tripp agreed.

MSSPs, he said, “need to act as trusted advisers and be able to demonstrate and communicate risk posture enhancement over time. This not only will help to stand out from the competition, but also build trustful relations with customers. Based on our research, most organizations will be happy to get incident statistics, vulnerability statistics, some kind of state of cybersecurity score. Service providers that will be able to connect service to the risk reduction that can be estimated in dollars will be more successful.”