Half of security professionals had no plan for a pandemic scenario
New research from Bitdefender shows that half of information security professionals didn't have a contingency plan in place -- or didn't know if they did -- for a situation like COVID-19 or similar.
Yet 86 percent admit that attacks in the most common vectors have been rising during this period. Cyberwarfare and IoT as an attack vector were reported to be up by 38 percent, and APTs, cyberespionage IP theft and social media threats/chatbots by 37 percent -- all of which could turn 2020 into a bumper year for breaches.
Although it can be hard to foresee exact situations, rapid changes to business often pose opportunities for malicious actors to gain access to corporate information. Infosec professionals report that, in their opinion, phishing or whaling attacks (26 percent), ransomware (22 percent), social media threats/chatbots (21 percent), cyberwarfare (20 percent), trojans (20 percent) and supply chain attacks (19 percent) have all risen during the pandemic. While this perceived rise is alarming, the rate at which attacks have seemingly increased is even more worrying. According to respondents, ransomware was up by 31 percent, and DDoS attacks by 36 percent.
Home working is causing problems too: more than one in three (34 percent) say they fear that employees are feeling more relaxed about security issues because of their surroundings. In addition, others say that employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity, is a worry (33 percent).
The crisis has driven some positive changes, though: 22 percent say they have already started providing VPNs and made changes to VPN session lengths. A similar group (20 percent) have also shared comprehensive guides to cybersecurity and working from home, along with pre-approved applications and content filtering with employees, while 19 percent have updated employee cybersecurity training.
Yet, despite their fears of a rise in attacks, only 14 percent have invested a significant amount of money in upgrading security stacks, 12 percent have bought additional cybersecurity insurance, and only 11 percent have implemented a zero trust policy.
"At least half of organizations admitted they were not prepared for a scenario such as this, whereas the attackers are seizing the opportunity. But within the current situation there is a great opportunity for positive change in cybersecurity," says Liviu Arsene, global cybersecurity researcher at Bitdefender. "In cybersecurity with high stakes around monetary and reputational loss the ability to change, and change rapidly, without increasing risk is critical. With COVID-19 changing the business landscape for the foreseeable future security strategy has to change. The good news is that the majority of infosec professionals have recognized this need for rapid change, although forced by current circumstances, and have started taking action."
You can read more in the full report on the Bitdefender website.