A global survey of 6,724 security and IT workers published this week by BitDefender, a provider of a broad portfolio of cybersecurity software, suggests organizations are still struggling to come to terms with the cybersecurity implications of the COVID-19 pandemic, even though it’s clear the volume of attacks has significantly increased.
According to the survey, only 20% said they have also shared comprehensive guides to cybersecurity and working from home, pre-approved applications or implemented content filtering. More troubling still, only 19% have updated employee cybersecurity training and even fewer (14%) have invested a significant amount of money in upgrading security stacks. Only 11% have implemented a zero-trust policy, the survey finds.
The survey also finds only 22% have provided access to a virtual private network (VPN) or made changes to VPN session lengths.
Overall, 50% of respondents admit their organization did not have a contingency plan in place to cope with events such as a pandemic.
On the plus side, about a third (31%) said they intend to keep providing 24/7 IT support and will increase the number of training sessions in IT security for employees. According to the survey, almost a quarter (23%) plan to increase their cooperation with key business stakeholders when defining cybersecurity policies, while an equal percentage said they will increase reliance on external IT security expertise.
The survey also confirms organizations (86%) have seen more cyberattacks during the pandemic. Respondents said phishing or whaling attacks (26%), ransomware (22%), social media threats/chatbots (21%), cyber warfare (20%), trojans (20%) and supply chain attacks (19%) have risen during the pandemic.
The fastest-growing attacks, however, are identified as being distributed denial of service DDoS attacks (36%) and ransomware (31%).
Liviu Arsene, a global cybersecurity researcher for BitDefender, said cybersecurity attacks for the most part closely tracked the pandemic as outbreaks occurred in different geographic regions. In terms of vertical industries, financial services and health care were the two most targeted vertical industries, noted Arsene.
Given the continued spread of the virus and the relative inability of IT organizations to adjust to the new normal quickly, Arsene said data breaches stemming from these attacks will be an issue well into 2021.
More than a third of respondents (34%) are worried employees are feeling more relaxed about security issues because they are working from home. Employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity, is also a concern.
A third (31%) are also concerned about their colleagues falling prey to these attacks, while an equal number said there is a risk of a serious data leak caused by unwitting employees. A quarter (25%) are also concerned cybercriminals will target people working from home.
In addition, 20% said employees using untrusted networks is a risk to their organization, and 38% say there is a definitive risk in another person having access to an employee company device. Well over a third (37%) noted the use of personal messaging services also poses a risk.
Of course, most of the survey respondents (81%) said there is no doubt their organization will change how it operates in the long term. The issue is that pace of change may not be nearly as fast as it should be, given the nature of the cybersecurity threats now being faced.