The coronavirus pandemic has presented a “once-in-a-lifetime opportunity for hackers and online scammers,” according to a new report from the Information Systems Security Association (ISSA), a community of international cyber security professionals, and independent industry analyst firm Enterprise Strategy Group (ESG).
As part of their research the organizations surveyed 364 cyber security and IT professionals from the global ISSA member list in April 2020, and found that respondents experienced a 63% increase in cyber attacks because of the pandemic.
The research showed that organizations were only fairly prepared for the pandemic. While 39% said they were very prepared to secure work-from-home devices and applications, 34% said they were prepared and 27% were underprepared. As a result, the pandemic drove rapid changes, changing workloads, and new priorities, the report said.
The pandemic and work-from-home trend have had an impact on cyber security professionals and their organizations alike. When asked to define the top challenges related to the new work-from-home environment, ISSA members mentioned securing remote devices, providing secure network access for remote employees, monitoring network traffic, and coordinating moves, adds, and changes with IT operations.
The pandemic has led to an increase in attempted cyber attacks, the report said, with 20% citing a significant increase in attempted attacks and 43% noting a slight increase in attempted attacks. In response to the increasing volume of cyber attacks, organizations are ramping up threat intelligence analysis and fine-tuning security controls.
Nearly 40% of the organizations surveyed are “very active” in monitoring and developing countermeasures for new types of cyber threats associated with the pandemic, while another 35% are active in these areas.
The research indicates that the pandemic has forced cyber security professionals to change their priorities and activities, increased their workloads, increased the number of meetings they have had to attend, and increased the stress levels associated with their jobs. Nearly half of the respondents (48%) said work from home has impacted the security team’s ability to support new business applications/initiatives.
Only 20% of the respondents think pandemic security requirements will lead to an increase in security spending in 2020, while one quarter think their organizations will be forced to decrease security spending this year. Where they expect their spending to increase, at least half of the respondents said areas of priority include identity and access management, endpoint security, Web and email security, and data security.
The researchers think that while it is noteworthy that 30% of the cyber security professionals surveyed said security will be a higher priority in the future, 70% report that they don’t know or don’t think the pandemic will lead to cyber security becoming a higher priority.
While it’s promising to see that the majority of organizations were able to handle the pandemic fairly well, “it is surprising that we are not seeing an increase in cyber security spending or prioritization following this event,” said Candy Alexander, board president of ISSA International.
“If anything, this should serve as a wakeup call that cyber security is what enables businesses to remain open and operational,” Alexander said. “Organizations prioritizing cyber security as a result of the pandemic will likely emerge as leaders in the next wave of cyber security process innovation and best practices,”
On a positive note, the health crisis and work from home strategies have led to some improvement in collaboration. Slightly more than one third of the respondents said their organization has experienced significant improvement in coordination between business, IT, and security executives as a result of pandemic issues and 38% have seen marginal relationship improvements.
When the cyber security professionals were asked if the pandemic is causing them to be concerned about their jobs or career choice overall, the answer seems to be “no” to both questions, according to the report. However, the data indicates that there is more uncertainty in the short-term about current cyber security jobs.
The pandemic has had a wide-ranging impact on individuals on security staffs, noted Jon Oltsik, senior principal analyst and fellow at ESG. With 84% of the cyber security professionals working exclusively from home during the pandemic and almost two-thirds thinking that their organizations will be more flexible with work-at-home policies moving forward, the situation has personally impacted cyber security professionals in their jobs and in their lives, he says.
Because it is not clear how long the pandemic will last, organizations should closely monitor and manage the relationship between security and operations teams accordingly, the report concluded.
At an individual level, already overwhelmed cyber security staffs are being asked to do even more, the report said. The pandemic and work-from-home trend “have changed security professionals’ priorities, increased workload, and changed their internal communication habits, and these valiant efforts must be monitored to maintain team morale and, ultimately, a strong and consistent approach to security.”