Emboldened by the COVID-19 pandemic, hackers have hit businesses with a startling number of phishing scams, while corporate leaders, assailed by the novel virus, are simultaneously forced to rethink security staffing, budget priorities and investments in cloud based technologies, Microsoft said in a new study.
Microsoft’s recently conducted survey of some 800 business leaders of companies located in Germany, India, the U.K. and the U.S. with at least 500 employees, produced data on security investments made during the pandemic, budgets and staffing. In addition, the study offered five ways in which COVID-19 is shaping cybersecurity long-term.
The bottom line is that the pandemic is clearly accelerating the digital transformation of cybersecurity, Andrew Conway, Microsoft Security general manager, wrote in a blog post. As a result of COVID-19, 58 percent of the study’s respondents have increased security budgets, 82 percent plan to add security staff and 81 percent feel pressure to lower security costs. Of particular note for MSSPs, 40 percent of the study’s respondents have outsourced some of their security needs rather than hiring additional staffers.
Here are some drill downs:
1. On improving productivity and mitigating threats.
- Multi-factor authentication (MFA) was identified as the top security investment since the beginning of the pandemic (20%), followed by endpoint device protections (17%), anti-phishing tools (16%), VPN (14%) and security education (12%).
- Providing secure remote access to resources, apps, and data is the top challenge reported by security leaders.
2. On COVID-19’s impact on cybersecurity budgets.
- 36% have increased cybersecurity budgets by up to 25%.
- 22% have increased cybersecurity budgets by more than 25%.
- 19% no change.
- 14% decreased cybersecurity budgets by up to 25%.
- 8% decreased cybersecurity budgets by more than 25%.
3. On COVID-19’s impact on cybersecurity staffing.
- 42% added additional security pros.
- 40% outsourced some security needs.
- 31% had a hiring freeze.
- 19% reduced staffing.
- 16% made no changes.
Cybersecurity's Evolution: 5 Examples
Microsoft also identified five ways the pandemic is changing cybersecurity’s future.
1. Digital empathy. Improving end-user experience and productivity while working remotely is the top priority of security business leaders (41%). “Security has proven to be the foundation for digital empathy in a remote workforce during the pandemic,” Conway said. “Companies were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.”
2. The Zero Trust (don’t trust but verify) journey. With the skyrocketing of remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities while 94% of companies are in the process of deploying some level of new Zero Trust capabilities. “The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey,” Conway said.
3. Diverse data=better threat intelligence. Some 54% of survey respondents said they have experienced more phishing attacks since the start of the contagion. On the other hand, COVID-19 has shown the “power and scale of the cloud” as Microsoft said it has tracked some eight trillion daily threat signals using a variety of products, services and feeds, the vendor said.
4. Cyber resilience is fundamental to business operations. More than half of cloud forward and hybrid companies report having cyber-resilience strategy for most risk scenarios compared to 40% of primarily on-premises organizations. “To maintain cyber resilience, businesses need to regularly evaluate their risk threshold and ability to execute cyber resilience processes through a combination of human efforts and technology products and services,” wrote Conway.
5. The cloud is a security imperative. Covid-19 showcases the need for truly integrated security for companies of all sizes. As a result, integrated security solutions are now seen as imperative.
So, What's Next?
Here are three ways forward:
- Listen to employees and take steps to build digital empathy. Enabling self-help options is a win-win for end-users and IT.
- Hire diverse security talent and empower them with great threat intelligence and tools.
- Embrace the reality that remote work is having a lasting impact on the security paradigm. Lean into the power of the cloud for built-in security spanning endpoints to the cloud.