Ninety-two percent of UK organisations admit to experiencing an increase in cyberattacks since the onset of the COVID-19 pandemic1, with the vast majority (92%) delaying key security projects. That’s according to new research released today by Tanium, the provider of unified endpoint management and security built for the world’s most demanding IT environments.
The report, When The World Stayed Home, analyses the survey responses of 1,000 global CXOs and vice presidents at mid and large-size organisations across the United States, the United Kingdom, France and Germany, including 253 executives in the UK. It reveals how global leaders are adapting to distributed working and how the experience will influence their decision making in the future.
COVID-19 exposed enterprise security gaps
The majority of respondents (83 percent) in organisations with a distributed workforce said they felt prepared to shift to a fully remote workforce, yet almost all (98 percent) admitted that in the end they faced security challenges due to the transition. The top three greatest challenges for UK organisations were: identifying new personal computing devices on the network (28 percent); overwhelmed IT capacity due to VPN requirements (22 percent); and increased security risk from video conferencing (22 percent).
Rising cyberattack volumes compounded these challenges as threat actors sought to capitalise on firms’ vulnerabilities. Responding organisations reported experiencing attacks involving data exposure (38 percent), phishing (35 percent), and business email or transaction fraud (35 percent).
Storing up problems for later
But even as cyberattacks increased and post-compromise activity spiked – signalling the existence of critical security gaps prior to the pandemic – nearly all (92 percent) respondents who transitioned to distributed working said they had to delay or cancel planned security priorities. Antivirus and malware sandboxing (37 percent), networking zoning (36 percent), and security strategy work (35 percent) were the top areas where leaders had to cancel or delay projects as a result of remote working efforts.
Patching was one of the key areas where organisations appear to have been caught off guard. Eighty-six percent of respondents had trouble in this crucial area, while 42 percent experienced specific difficulties patching remote workers’ personal devices — potentially exposing their organisation to risk. A quarter (22 percent) admitted to effectively side-lining this crucial IT security best practice at a time when Microsoft alone released 100+ fixes in successive Patch Tuesdays.
Visibility and control are crucial
With most (86 percent) respondents believing that the negative impacts of the global pandemic will last for several months to come, thoughts are now turning to how they can securely transition to a more permanent model for flexible work––and there are significant challenges.
Respondents were concerned that home IT would be difficult to implement long-term for multiple reasons, including: compliance regulations (28 percent), managing cybersecurity risks (26 percent) and balancing cyber risks with employee privacy (16 percent). For many, the challenges posed by personal devices were so great that 42 percent of respondents said they will prohibit these entirely when employees return to work.
For these reasons, respondents overwhelmingly identified security as a top priority in the months to come. Sixty-nine percent said they will make cybersecurity a priority for remote work going forward, ahead of avoiding business disruption (14 percent) or protecting the organisation’s intellectual property (17 percent).
“The almost overnight transition to remote work forced changes for which many organisations were unprepared,” said Chris Hodson, Chief Information Security Officer at Tanium. “It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyberattacks and critical vulnerabilities has made it apparent that we’re still far from an effective strategy for the new IT reality.”
“Whether companies choose to permanently move their operations, return employees to the office, or some combination of both, it’s clear that the edge is now distributed. IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organisations have visibility of computing devices in their IT environment,” added Hodson.
Tanium brings intelligence to each endpoint for instant visibility and unparalleled context, enabling IT operations and security teams to efficiently manage and secure the IT environment, anywhere endpoints exist. To learn how Tanium is supporting customers’ remote operations with Tanium as a Service, visit: https://www.tanium.com/products/tanium-as-a-service.