In the opinion of information security people surveyed, phishing or whaling attacks (26pc), ransomware (22pc), social media threats/chatbots (21pc), cyber-warfare (20pc), trojans (20pc) and supply chain attacks (19pc), to name but a few attack vectors, have risen during the pandemic. That is according to the cyber product company Bitdefender.
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender, says: “At least half of organisations admitted they were not prepared for a scenario such as this, whereas the attackers are seizing the opportunity. But within the current situation there is a great opportunity for positive change in cybersecurity.
“In cybersecurity with high stakes around monetary and reputational loss the ability to change, and change rapidly, without increasing risk is critical. With COVID-19 changing the business landscape for the foreseeable future security strategy has to change. The good news is that the majority of infosec professionals have recognised this need for rapid change, although forced by current by circumstances, and have started taking action.”
As a result of the increase in home working, just over one in five infosec professionals (22pc) reveal they have already started providing VPN and made changes to VPN session lengths. A similar group (20pc) have also shared comprehensive guides to cybersecurity and working from home, and pre-approved applications and content filtering with employees, and 19pc have updated employee cybersecurity training. Yet, despite their fears of a rise in attacks, only about one in seven, 14pc have invested a significant amount of money in upgrading security stacks, 12pc have bought additional cybersecurity insurance, and only 11pc have implemented a zero trust policy — all of which indicates more changes are still to be made, the cyber firm suggests.
At the same time, the pandemic has provided an opportunity to learn how to tackle changes in workforce patterns, and how to plan for unexpected events. One in three infosec professionals (31pc) say they intend to keep 24/7 IT support, and will increase the number of training sessions in IT security for employees. Almost a quarter (23pc) have also cited that they are going to increase the cooperation with key business stakeholders when defining cybersecurity policies, and an equal percentage will increase outsourcing IT security expertise.
Arsene adds: “Change is an undeniable threat to cybersecurity, as is being unprepared. The stakes are high in terms of loss of customer loyalty and trust — not to mention to the bottom line.
“COVID-19 has however presented infosec professionals with the opportunity to reassess their infrastructure and re-focus on what end users/employees really need and want in terms of cybersecurity support.
“It is also evident that, despite identifying risks, there is still a need for further investigation into what investments need to be made to ensure that corporate data and employees are both safe from bad actors. While it’s a challenge to make changes now, it will shore up business for the future and many more unknown scenarios.”
About the study
It was among 6,724 Security and IT workers in May 2020 across the UK, US, Australia/New Zealand, Germany, France, Italy, Spain, Denmark and Sweden; across organisations and industries, from SMEs to publicly listed companies.
