Remote working and phishing attacks spiked during the coronavirus pandemic, but organizations believe they’re on track with their cybersecurity plans, according to a new report from CompTIA.
As COVID-19 changed the landscape of the workplace, shifting employees from the physical office to the virtual workspace, new threats to security have emerged in the enterprise. Workers are now relying more heavily on personal devices and the cloud, for instance, which cybercriminals have seen as an opportunity. Since the pandemic began, cyberattacks have spiked, with phishing attacks (55%), and malicious websites (32%) cited by cybersecurity professionals as the greatest threats, according to a report from Check Point.
Seventy percent of major organizations were strategizing to pour more money into cybersecurity efforts as a result of the coronavirus pandemic, according to a report in May. Gartner has predicted that, despite COVID-19, total global spending on cybersecurity will hit $123.8 billion in 2020.
A new report–CompTIA’s State of Cybersecurity 2020–took the temperature of how the enterprise has responded to security during COVID-19, surveying 425 US businesses.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
Here are the top findings from the report:
1. Executives remain satisfied with security
Despite the challenges of the pandemic, 36% of the companies surveyed say that they are completely satisfied with their security efforts, and 43% say that they are mostly satisfied–this point reflects a greater satisfaction level among executives, as 84% of C-suite members expressed comfort with their strategy, as opposed to to 32% of IT staff and 28% of business staff.
2. Advanced practices are the new norm
Cybersecurity was relegated, at one point, to the category of “IT function”–but no one today can argue that it hasn’t become a primary concern for the health of a business. As such, companies are adopting more finely-tuned practices to account for the complexities of threats. “The modern security approach has generally been defined by more advanced technology, more detailed processes, and more comprehensive education,” the report states. “Now, companies are formalizing their approach to areas like risk management and threat intelligence, with new frameworks emerging to structure best practices.”
3. Increased specialization
As threats continue to become more complex, the cybersecurity industry is becoming increasingly specialized in areas such as threat management, proactive testing and regulatory compliance, according to the report.
4. Variety of attacks and privacy are top concerns
The variety of attacks, which have gone from the days of simple malware and virus threats to a much greater range of possibilities, causing major catastrophes for businesses as well as privacy of data,represent the top two concerns for the enterprise, with 52% of businesses citing each as a “main concern.”
5. Cyber insurance policies become mainstream
Nearly half of companies surveyed (42%) say that they have already adopted a cyber insurance policy.
6. Education of employees is given extra weight
Even with the most advanced cybersecurity tech in place, humans are still the greatest cause of security breaches, according to the report. Education of employees, especially given the increasingly complex nature of threats, is therefore a top priority for the enterprise.
As the cybersecurity ecosystem expands, and each employee becomes responsible for maintaining security, cybersecurity has become an organization-wide endeavor and the strategy now also involves different business units, upper management, and outside firms.
“Cybersecurity has clearly moved away from being a side concern of the overall IT infrastructure plan,” the report states. “There is an incredible amount of complexity introduced by the shift to more proactive tactics, the changing regulatory environment, and the need to educate the entire workforce.”