Security teams’ top areas of increased concerns include: employee home network security (58%); increased ransomware, and phishing and social engineering attacks (45%); keeping remote systems configured securely (41%), and keeping remote systems compliant (38%)
94% of cybersecurity professionals are more concerned about security now than before the COVID-19 pandemic, according to Tripwire-Dimensional Research. In assessing their security programs, 89% said COVID-19 has been a stress test for every security control and policy within their organizations. Security teams’ top areas of increased concerns include: employee home network security (58%); increased ransomware, and phishing and social engineering attacks (45%); keeping remote systems configured securely (41%), and keeping remote systems compliant (38%).
The research examined how organizations are managing the impact of COVID-19 on cybersecurity, as well as the consequences of working from home. Dimensional Research conducted the survey April 14 through April 21, 2020, which included responses from 345 IT security professionals.
Cybersecurity incidents are on the rise. 63% said they have experienced COVID-19-related attacks. In assessing how the significant increase in employees working from home has impacted the security team, 89% said it has made it the job more difficult. The top issues include:
- 49% said they cannot effectively secure employees’ home office environments
- 41% said it is more challenging to manage what devices are connecting to their corporate networks
- 38% said it is hard to gain visibility into remote assets and systems
“The massive shift to working remotely represents a huge change for organizations’ attack surfaces,” said Tim Erlin, vice president of product management and strategy at Tripwire.” It’s no surprise that security professionals are finding it challenging to monitor and minimize that new attack surface.”
The survey also found that 65% believe their security is worse because of COVID-19, and in an effort to strengthen their defenses, 53% said their companies are increasing security investments. As an immediate response, 53% are expanding the use of current security tools and 28% are investing in new ones. In addition, 42% are allocating resources to train staff for new skills, and 31% are considering managed services to reduce staff burden.
Erlin added: “We’ve had unprecedented growth in the cybersecurity market in recent years, but many of the most innovative technologies are most relevant in advanced use cases. It’s understandable that as companies tighten their economic belts and discretionary budgets are reduced, we’ll see more organizations taking a closer look at what their existing tools can do to help secure their assets.”