A bare half of IT people are highly confident that their cybersecurity teams are ready to detect and respond to the rising cyber-security attacks during COVID-19, according to new research by the US-based IT association ISACA. Only 59 percent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively.
This presents a problem, the association adds, as 58 percent of respondents say threat actors are taking advantage of the pandemic to disrupt, and 92 percent say cyberattacks on individuals are increasing. Most, 87 percent of respondents still say the rapid transition to remote work has increased data protection and privacy risk.
ISACA CEO David Samuelson says: “Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats.
“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.”
ISACA surveyed more than 3700 IT audit, risk, governance and cybersecurity people from 123 countries in mid-April to assess the impact of COVID-19 on their organisations and their own jobs. Most believe their jobs are safe. Ten percent think a job loss is likely and 1 percent has been furloughed. However, while their own positions are stable, respondents are still extremely concerned about these wider impacts of the novel coronavirus:
– Economic impact on national economy (49 percent)
– Health of family and friends (44 percent)
– Personal health (30 percent)
– Economic impact (24 percent)
While respondents report being highly satisfied with their organisation’s internal communications, business continuity plans and executive leadership related to COVID-19, their organisations have not been able to avoid the negative effects, including:
– Decreased revenues/sales (46 percent)
– Reduced overall productivity (37 percent—more executives than practitioners think this is the case)
– Reduced budgets (32 percent)
– Supply chain problems (22 percent)
– Closed business operations (19 percent)
Most responding expect normal business operations to resume by the third quarter of 2020.
ISACA CTO Simona Rollinson adds: “It’s hard to predict what ‘normal’ will look like in the short term. What we do know is that tech professionals, including the IT audit, risk, governance and security professionals in our community, are more necessary than ever to their enterprises, and they are well-positioned to adapt and even thrive, regardless of what changes may be in store.”
Visit www.isaca.org/covid19study.
Comment
Faiz Shuja, Co-Founder and CEO at threat intelligence firm SIRP, says: “In response to the COVID-19 pandemic most organisations have moved quickly to equip their security analysts to continue threat detection and response activities from home. Not everyone, however, is able to access the necessary tools and resources at home and almost all are reporting that the disruption has led to an upsurge in cyber attacks aimed at individuals.
“To counter this, we are advising customers to have a security operations platform in place that fuses essential cybersecurity information in one place. Cybersecurity teams should have centralised visibility along with risk-based decision strategy, so that decisions can be better prioritised in these heightened risk exposure times.”
