According to Tanium, a security and endpoint systems management company, more than 90% of organizations worldwide have been forced to delay key security projects, as many organizations have resorted to remote work due to the outbreak of the COVID-19 pandemic, while they have stopped correcting and updating the systems their. Thus, they are more exposed to cyber attacks. In particular, the company conducted a survey, in which it asked 1000 CXOs (Chief Experiences Officers), to better understand how pandemic changed the landscape of cyber threats.
According to the research, identity and asset management (39%), as well as security strategy (39%) were the most basic security projects that organizations have been forced to implement. Indicatively, in United Kingdom, solutions for virus protection and malware (37%), as well as networking solutions (36%) are more likely to be delayed.
Patching was also a major challenge for many organizations, with 88% admitting to experiencing difficulties during the pandemic. This is despite her huge workload Microsoft Patch Tuesday for administrators in recent months, including the largest set of CVEs released in June.
Many CXOs interviewed by Tanium seem to have had the illusion that they would not face security issues at the start of the pandemic. In particular, 85% of respondents said they felt ready to move to remote work, but in the end 98% admitted that they had not taken into account the security challenges of the first two months of the health crisis.
The first three challenges they faced were: locating new personal computing devices (27%), overloading VPN (22%) and security risks during video conferencing (20%). In addition, 90% of respondents revealed that cyber threats had increased, noting that the most common attacks were exposure and data leakage (38%), BEC scams or transaction fraud (37%) and Phishing (35%).
Tanium CISO Chris Hodson said many organizations were unprepared for such a sharp transition to remote work at the onset of the COVID-19 pandemic, and the rise in cyberattacks and critical vulnerabilities made it clear that much time was needed for the adoption and implementation of an effective strategy that responds to the new reality prevailing in the field of information technology.