
Covid-19 exposed enterprise security gaps

by Mark Rowe

Most UK organisations saw an increase in cyberattacks with the COVID-19 pandemic, and most delayed key security projects. That’s according to new research by an IT security firm.

Tanium’s report, When The World Stayed Home, analyses responses of 1,000 global CXOs and vice presidents at mid and large-size organisations across the United States, the UK, France and Germany, including 253 executives in the UK.

The majority of respondents (83 percent) in organisations with a distributed workforce said they felt prepared to shift to a fully remote workforce, yet almost all (98 percent) admitted that in the end they faced security challenges due to the transition. The top three greatest challenges for UK organisations were: identifying new personal computing devices on the network (28 percent); overwhelmed IT capacity due to VPN requirements (22 percent); and increased security risk from video conferencing (22 percent).

Rising cyberattack volumes compounded these challenges as threat actors sought to capitalise on firms’ vulnerabilities. Those responding reported experiencing attacks involving data exposure (38 percent), phishing (35 percent), and business email or transaction fraud (35 percent). Even as cyberattacks increased and post-compromise activity spiked – signalling the existence of critical security gaps prior to the pandemic – nearly all (92 percent) respondents who transitioned to distributed working said they had to delay or cancel planned security priorities. Anti-virus and malware sandboxing (37 percent), networking zoning (36 percent), and security strategy work (35 percent) were the top areas where leaders had to cancel or delay projects as a result of remote working efforts.

Patching was where organisations appear to have been caught off guard, the report suggests. Most respondents (86 percent) had trouble, while 42 percent had specific difficulties patching remote workers’ personal devices, potentially exposing their organisation to risk. A quarter (22 percent) admitted to effectively side-lining this crucial IT security best practice at a time when Microsoft alone released 100-plus fixes in successive ‘Patch Tuesdays’.

With most (86 percent) respondents believing that the negative impacts of the global pandemic will last for several months to come, thoughts are now turning to how they can securely transition to a more permanent model for flexible work, and there are significant challenges.

Some respondents were concerned that home IT would be difficult to implement long-term for multiple reasons, including: compliance regulations (28 percent), managing cybersecurity risks (26 percent) and balancing cyber risks with employee privacy (16 percent). For many, the challenges posed by personal devices were so great that 42 percent of respondents said they will prohibit these entirely when employees return to work.

Respondents identified security as a priority. Most (69 percent) said they will make cybersecurity a priority for remote work, ahead of avoiding business disruption (14 percent) or protecting the organisation’s intellectual property (17 percent).

Chris Hodson, Chief Information Security Officer at Tanium, said: “The almost overnight transition to remote work forced changes for which many organisations were unprepared. It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyberattacks and critical vulnerabilities has made it apparent that we’re still far from an effective strategy for the new IT reality.”

“Whether companies choose to permanently move their operations, return employees to the office, or some combination of both, it’s clear that the edge is now distributed. IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organisations have visibility of computing devices in their IT environment.”


© 2024 Professional Security Magazine. All rights reserved.
