Each month, we bring you some of the most compelling cloud and Salesforce security-related stories from the last four weeks. In this post, we discuss the impact of COVID-19 on cybersecurity, the skills shortage in the security industry, remote employee risks, and more.
A recent study revealed that globally, 94% of security and IT professionals are concerned about their organization’s cybersecurity due to the coronavirus pandemic. Understandably so, as 63% of surveyed organizations experienced COVID-19-related attacks. More than half of the reported security challenges originated with remote workers (e.g., unsecured home networks, social engineering, phishing attacks, and more), creating considerable risk that many organizations weren’t fully prepared to mitigate. Nearly 90% of respondents said having remote employees made it difficult to secure employee devices, particularly because users were connecting from so many different locations.
Top areas of concern included employee home network security, increased ransomware, phishing, social engineering attacks, and maintaining configuration, compliance, and security for remote systems.
But security and IT teams aren’t lingering in the present – 92% are already thinking about the future of cybersecurity in a COVID-19 world. Their plans of action include acquiring new security tools (57%), making the most of existing tools that are underutilized (53%), increasing security budget and staff training for 2020 (42%), seeking managed services to reduce staff workload (31%), and reducing 2021 budget (14%).
“For most organizations, this pandemic has acted as a major stress test on cybersecurity controls and policies. The resulting surge in remote work complexifies the attack surface and brings up many new questions for security teams.”
– Remote Work and COVID-19 Cybersecurity Impact Report
Almost one in five remote employees make critical mistakes despite feeling confident in their cybersecurity knowledge, according to the 2020 Remote Work Security Survey. The study’s main finding was that 41% of remote workers access critical and confidential company data via unsecured applications. What this means for organizations is that their corporate data, trade secrets, intellectual property, customer and prospect information, and other sensitive data are extremely vulnerable to cyberattacks.
The discrepancy between employee cybersecurity confidence and the prevalence of cyber risk is attributed to miscommunication of security initiatives among workers. A significant reason employees access protected data via unsecured applications is that approved applications lack the functionality and user experience to encourage use.
“Remote workers shouldn’t take security lightly during shelter-in-place initiatives. Even during challenging times, it’s important for companies to continue investing in secure collaborative platforms that protect corporate assets while keeping employees engaged, efficient, and safe.”
– Andrew Filev, Founder and CEO, Wrike
Over the course of one month (April 2020), security researchers discovered almost 404 million malware cases across the globe, amounting to more than 10 million infections per day. Researchers correlated the spikes with victims who haven’t had adequate cybersecurity training. Educational institutions in particular saw the majority of attacks, as students and teachers don’t dedicate much time, if any, to security training, such as how to avoid phishing emails and use multi-factor authentication to log in to email, cloud applications, workstations, and more.
However, other industries like financial services, business and professional services, along with retail and consumer goods saw a significant number of malware attacks, which means improved cybersecurity tools and training are necessary for any organization, regardless of sector.
The impact of COVID-19 on the cybersecurity market is expected to be substantial, with the market size predicted to grow from $183 billion in 2019 to $230 billion in 2021. A survey found that the pandemic has altered the way many organizations think about cybersecurity and risk management. For example, startups, SMBs, and large enterprises are now considering cybersecurity budgets to be an unavoidable capital expenditure, especially given compliance requirements for regulations such as CCPA, GDPR, HIPAA, FINRA, and more.
The North American market is expected to hold the largest share in the cybersecurity sector, followed closely by APAC. With the highest rate of mobile and connected devices, North America is also more vulnerable to cyberattacks. The industry is responding by increasing automation, threat detection, and real-time security tools to compensate.
The number of remote employees skyrocketed at the onset of COVID-19. Now, organizations are evaluating the impact and anticipating what effect a remote workforce could have on business operations. A study revealed that 85% of organizations expect an increase in threats due to new risks of a remote workforce.
Companies are struggling to adapt to the “new normal” in whatever ways possible, but trying to boost cybersecurity to reduce risk while being remote can be a challenge. According to the report, “IT departments are working at a deficit in their ability to support and maintain business continuity while optimizing IT support.” 70% of organizations haven’t implemented new technology to monitor, manage, and support work-from-home staff.
“This pandemic left organizations little opportunity to initiate new technology projects, which traditionally require multiple months to deploy. That lack of manpower, budget, and time, shrinking IT teams cannot provide physical on-site or data center support.”
– Yama Habibzai, COO, HiveIO
The report “Cybersecurity in Focus 2020” revealed that 76% of cybersecurity leaders are struggling with critical skills shortages. Businesses face a constant battle to efficiently manage cybersecurity processes, especially at a time when cybersecurity challenges are increasing due to global crises.
Obtaining the right internal skills was the most significant challenge when considering cybersecurity strategy performance. The skills gap is most pronounced not in leadership positions but at the individual contributor level, with roles like IT security specialists, information security analysts, network security engineers, security engineers, and application security engineers being the most in-demand.
To close the skills gaps, 30% of organizations are looking internally for transferable skills, while 46% believe AI and machine learning will help alleviate staffing concerns. Automated security tools like user activity monitoring are becoming a more popular choice for IT and security teams across industries to reduce demand on staff and compensate for the shortage of cybersecurity skills.