Security has been a huge concern for both businesses and individuals as many employees continue to work from home, with many woefully under prepared for the impact that COVID-19 has had. In fact, new research by Bitdefender found half of infosec professionals (50%) didn’t have a contingency plan in place for COVID-19 or a similar scenario. These findings, and more, are revealed today in the first instalment of Bitdefender’s yet to be released global 10 in 10 Study. The section — The Indelible Impact of COVID-19 on Cybersecurity — details the pressures faced by infosec professionals during COVID-19.
A bumper year for breaches
This lack of forward planning has come at great risk, as 86% of infosec professionals admitted that attacks have been on the rise during COVID-19. The research found cyberwarfare and IoT as an attack vector were reported to be up by 38%, and APTs and cyberespionage IP theft and social media threats/chatbots by 37% — all of which could be an indication of a bumper year for breaches.
Infosec professionals also report that, in their opinion, phishing or whaling attacks (26%), ransomware (22%), social media threats/chatbots (21%), cyberwarfare (20%), trojans (20%) and supply chain attacks (19%), have risen during the pandemic. While this perceived rise is alarming, the rate at which attacks have seemingly increased is even more concerning. According to respondents, they believe ransomware was up by 31%, and DDoS attacks by 36%.
While there is no doubt that all industries are at risk of cybercrime, respondents revealed that they believe financial services (43%), healthcare (including tele medicine) 34%, and the public sector (29%) to be the hardest hit industries in terms of increase in cybersecurity attacks during COVID-19.
Underprepared and increasing the risk
The rapid change to business, triggered by COVID-19, poses an excellent opportunity for malicious actors to gain access to corporate information, with so many people now working from home.
The research also looks at the human implications on security, relating to the risks posed by employees working from home. It reveals more than one in three (34%) say they fear that employees are feeling more relaxed about security issues because of their surroundings. In addition, employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity, is a worry (33%) and a quarter (25%) are concerned about bad actors specifically targeting people working from home with malware and ransomware.
Change is afoot, and long-term plans are unfolding
The research reveals the areas of security already seeing some improvement in the wake of Covid-19, as well as the kinds of changes to security infrastructures that participants want to continue once this pandemic is over. As a result of the increase in home working, just over one in five infosec professionals (22%) reveal they have already started providing VPN and made changes to VPN session lengths. A similar group (20%) have also shared comprehensive guides to cybersecurity and working from home, and pre-approved applications and content filtering with employees, and 19% have updated employee cybersecurity training. Yet, despite their fears of a rise in attacks, only 14% have invested a significant amount of money in upgrading security stacks, 12% have bought additional cybersecurity insurance, and only 11% have implemented a zero trust policy — all of which indicates more changes are still to be made.
COVID-19 has presented infosec professionals with the opportunity to reassess their infrastructure and refocus on what end users/employees really need and want in terms of cybersecurity support. The 10 in 10 Indelible Impact of COVID-19 on Cybersecurity Study reveals that while unprecedented change does pose risks, it also provides an opportunity to reassess strategy. It is also evident that, despite identifying threats, there is still a need for further investigation into what investments need to be made to ensure that corporate data and employees are both safe from bad actors. While it’s a challenge to make changes now, it will shore up business for the future and many more unknown scenarios.
You can see the full report here.
*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Liviu Arsene. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/xHCwdzWeRZU/half-of-security-professionals-had-no-contingency-plan-in-place-for-covid-19