Security planning and budgeting is always an adventure. You can assess current risk and project the most likely threats, but the only real constant in cybersecurity risk is its unpredictability. Layer a global pandemic on top of that and CISOs suddenly have the nearly impossible task of deciding where to request and allocate resources in 2021.
IDG, CSO’s parent company, released its Security Priorities Study in November. Its goal is to show how the COVID pandemic has changed what security focuses on now and what will drive security priorities and spending in 2021. Based on a survey of 522 security professionals from the US, Asia/Pacific and Europe, the study reveals how the pandemic has changed the way organizations assess risk and respond to threats—permanently.
Looking at risk in a new light
Threat actors have amped up their attacks in the wake of the pandemic. They know that many people are now working remotely and are likely more vulnerable. The study found, for example, that 36% of security incidents in the past year involved phishing attacks aimed at accessing corporate data.
Attackers also know that the disruption caused by moving workforces to home offices might have distracted security and IT teams. Respondents reported that 29% of security incidents involved unpatched software vulnerabilities, and enterprise-level organizations claimed that 34% of security incidents stemmed from misconfigured services or systems. It is hard to know, however, whether those maintenance lapses would have occurred without the pandemic.