Cyber security has been a critical topic throughout the digital age, but new research from IT security and endpoint management firm Taniumreveals that 90 percent of IT leaders surveyed said they experienced an increase in cyberattacks due to the pandemic—and an even greater number, 93 percent, said they were forced to delay key security projects in order to manage the transition to remote work.
The firm’s newly released study, When the World Stayed Home, focuses on how organizations are adapting to distributed working and how they are planning for the next “new normal” once the pandemic recedes, and reveals the ongoing effects of COVID-19 on enterprise and government organizations.
COVID-19 exposed enterprise security gaps
One of the key findings of the study was the contrast between how prepared leaders felt for the shift to remote work and the reality of dealing with it. While 85 percent said that they felt ready to shift to a fully remote workforce, almost all––98 percent––said they experienced security challenges within the first two months. The top three challenges were: identifying new personal computing devices (27 percent); overwhelmed IT capacity due to VPN requirements (22 percent); and increased security risk from video conferencing (20 percent).
Rising cyberattack volumes compounded enterprise security management challenges. Ninety percent of IT leaders said they saw an increase in attacks due to the pandemic, as threat actors sought to cash-in on the disruption. The most common of these were attacks involving data exposure (38 percent), business email or transaction fraud (37 percent) and phishing (35 percent).
Storing up problems for later
But even as cyberattacks increased and post-compromise activity spiked––signaling the existence of critical security gaps prior to the pandemic––nearly all of the executives surveyed said they had to delay or cancel planned security projects. Identity and asset management (39 percent) and security strategy (39 percent), were the top areas disrupted as a result of workforce distribution efforts.
Patching was one of the key areas where organizations appear to have been caught off guard. Eighty-eight percent of respondents had trouble in this crucial area and 43 percent experienced difficulties patching remote workers’ personal devices, exposing their organization to risk. A quarter (26 percent) admitted to effectively side-lining this vital IT security best practice at a time when Microsoft alone released 100+ fixes in successive Patch Tuesdays.
Visibility and control will play a central role in the new reality
With most (85 percent) respondents believing the negative impacts of the global pandemic will last for several months to come, thoughts are now turning to how they can securely transition to a more permanent flexible work model––and there are significant challenges.
Respondents were concerned that home IT would be difficult to implement long-term for multiple reasons, including: compliance regulations (26 percent), managing cybersecurity risks (25 percent) and balancing cyber risk with employee privacy (19 percent). For many, the challenges posed by personal devices are so great that 45 percent of respondents said they would ban them entirely when employees return to work.
For these reasons, respondents overwhelmingly identified security as a top priority in the months to come. Seventy percent of respondents said they will make cybersecurity the number one priority for remote work going forward. Nearly half plan to invest in endpoint management tools to improve visibility of IT assets (48 percent), and 47 percent plan to make improvements to patch management processes.
“The almost overnight transition to remote work forced changes for which many organizations were unprepared,” said Chris Hodson, chief information security officer at Tanium, in a news release. “It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyberattacks and critical vulnerabilities has made it apparent that we’re still far from an effective strategy for the new IT reality.”
“Whether companies choose to permanently move their operations remote, return employees to the office, or some combination of both, one thing is clear: the edge is now distributed. IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organizations have visibility of computing devices in their IT environment,” concluded Hodson.
Tanium commissioned independent market research specialist Censuswide to conduct the research upon which this report is based. A total of 1004 CXOs and Vice Presidents were surveyed in June 2020 across the United States, United Kingdom, France and Germany. The respondents were from organizations with at least 1,000 employees internationally and could be from any sector.