It is true in general that technology is always changing, and the threat landscape is constantly evolving, but 2020 has amplified the cybersecurity challenge. Organizations of all sizes and across all industries already struggled to effectively manage risk and cyber resilience, but the global pandemic of COVID-19 has introduced a sudden and dramatic shift that tips the playing field in favor of attackers and exacerbates the task.
The COVID-19 Effect
Few things in history have disrupted the status quo as abruptly or completely as the COVID-19 pandemic. COVID-19 and the effort to quarantine and contain the global spread of the virus has had an impact on almost every human being in some way. For businesses, travel restrictions and border shutdowns affected supply chains, and social distancing protocols and stay-at-home orders forced many companies to adopt a completely 100% remote, work-from-home business model overnight.
Cybersecurity experts have been saying the network perimeter is dead for years—but COVID-19 changed everything and drove a spike through the heart of whatever perimeter was left. Suddenly, the “network” is the public internet, and the “endpoint” is a personal computer being used from some employee’s kitchen. Whatever challenges IT and cybersecurity teams faced in dealing with the eroding network perimeter are significantly increased in this “new normal.”
The Wipro report highlights some of the risks organizations face as a result of the dramatic increase in remote access. The survey found that 70% of respondents indicated that they face challenges with maintaining endpoint cyber hygiene, and nearly 60% cited issues with monitoring threats on unmanaged devices.
Facing Cyber Risks
The COVID-19 pandemic has also had an impact on the threat landscape. Attackers find opportunity in chaos, and COVID-19 represents a significant opportunity. As companies scrambled to adapt and maintain productivity while working remotely, attackers looked for ways to leverage the disruption and confusion to their advantage. Phishing attacks, ransomware, IP theft, and other cyber crimes have spiked up in response to the pandemic.
The State of Cybersecurity Report reveals that 86% of survey participants consider email phishing the biggest cyber risk right now. Lack of security awareness or employee negligence came in second at 57%. Ransomware attacks and third-party unprotected services also ranked around 50% as cyber risk concerns. All of these were already serious cybersecurity challenges in and of themselves, but the dramatic changes resulting from the pandemic and the chaos surrounding the sudden shift to working from home makes it easier for attackers and more difficult for IT security teams.
If there is a silver lining to all of this, it is that organizations in general have a better understanding of the importance of cybersecurity. Wipro’s State of Cybersecurity Report found that damage to brand reputation is perceived as the biggest consequence of a successful cyber attack, but survey participants are also concerned about loss of revenue, loss of customers, and significant fines or sanctions resulting from various regulatory and industry compliance frameworks.
The role of the CISO (Chief Information Security Officer) has taken on increased importance. Cybersecurity is a complex and constantly changing situation, and it is critical to have someone on the executive leadership team who can continuously review risk exposure and preparedness measures, and take on responsibility for managing cybersecurity effectively.
One of the challenges for the CISO—and organizations in general—is a lack of cybersecurity professionals with the training and skills required for the job. The State of Cybersecurity Report notes that 42% of survey participants find it difficult to retain cybersecurity talent, and 41% shared that it is challenging to find qualified applicants. Taken together, that is not a recipe for success.
An effective way for organizations to address the challenge of finding the right cybersecurity talent and ensure effective protection at the same time is to work with a managed detection and response (MDR) provider. The MDR provider has the cybersecurity talent and a dedicated focus on security, so they can handle prevention, detection, and response capabilities. It enables a business to have the effective protection they need while also freeing them up to focus on their core business goals with the confidence that security professionals are monitoring and managing cybersecurity.
Wipro’s State of Cybersecurity Report 2020
This barely scratches the surface of the State of Cybersecurity Report 2020. The Wipro report is comprehensive and contains a myriad of interesting and valuable insights. Click here to download the full report and check it out for yourself: State of Cybersecurity Report 2020.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Alastair Martin. Read the original post at: http://www.cybereason.com/blog/wipros-state-of-cybersecurity-report-reveals-valuable-insights