It is still an open question how the corona crisis will change IT security concepts in companies in the long term. A large-scale survey by Bitdefender with more than 6700 IT security experts worldwide, including more than 500 from Germany, provides the first indications and data for this. . The pre-release report, “The Indelible Impact of COVID-19 on Cybersecurity,” provides data from May 2020 on how IT security professionals dealt with the challenges of the corona crisis. The study takes into account the views and opinions of over 6,700 Infosec professionals in 10 countries. The following percentages are based on the answers of the 513 respondents from Germany.
Trojans and phishing increase
Rapid changes in business offer excellent opportunities for malicious actors to gain access to corporate information. Above all, the respondents report that, in their opinion, Trojans (24%), phishing and whaling attacks (21%) have increased. 17 to 18% each confirmed an increase in ransomware, social media threats, cyberware, supply chain attacks, attacks on unpatched software, via IoT devices or DDos. 80% of respondents confirmed that attacks have increased using at least one of the most common attack vectors.
Which sectors were most affected by this increase during the Corona crisis? According to the German respondents, these are financial services (41%), followed by the public sector (31%) and healthcare (including telemedicine) with 27%. It is alarming that 65% of experts believe that the healthcare system was poorly prepared due to the reduced budgets.
With more people working from home than ever during the pandemic, cybersecurity workers are concerned about security implications. 34% fear that employees may feel more relaxed about security issues due to their environment. A third are concerned that employees will not adhere to the security protocol, particularly when it comes to identifying and reporting suspicious activity. With the increase in phishing and whaling attacks, 31% are concerned that their peers could become victims.
41% cite other people’s access to devices and 39% the use of untrustworthy networks as specific risks from home work. 37% consider the mixed use of messaging services for business and private purposes as a risk.
The change is in progress
What measures have companies taken to respond to the increase in homework? 22% have shared extensive cybersecurity and home work guides, approved applications, and content filtering with employees. One in five respondents (20%) provided VPNs and longer onesSessions. 19% each updated cyber security training for employees or ensured that the last patches were applied before employees in the home started to work. But despite the changed situation and the observation that the number of attacks is increasing, only 13% at the time of the survey had invested a considerable amount in upgrading the security stack and only 8% had introduced a zero trust policy.
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender: “Cyber security is about reputation and business continuity. The ability to adapt quickly without increasing risk is vital for companies and organizations. If Covid-19 changes the work culture, the security strategy must change too. At least half of the organizations worldwide were unprepared for a scenario like this, and the attackers immediately took their opportunity. The majority of IT security professionals recognized this need for rapid change and took the first steps. ”
The five most important insights from the crisis
The pandemic offers a valuable opportunity to learn how to deal with changes in the world of work and how to prepare for unexpected events. The respondents learned these lessons: One in three participants (31%) stated that they intended to maintain IT support around the clock and 30% wanted to increase the number of IT security training courses for employees. 27% want to make vulnerabilities in their infrastructure more visible. 26% have decided to complete the inventory of the devices that access the corporate infrastructure. And 25% want new security guidelines to enable a larger proportion of employees to work remotely in the long term.
“The Indelible Impact of COVID-19 on Cybersecurity”
For the report “The Indelible Impact of COVID-19 on Cybersecurity”, 6,724 cybersecurity and IT employees in Great Britain, the USA, Australia / New Zealand, Germany, France, Italy, Spain, Denmark and Sweden were interviewed. All participants in the study use data security solutions and software security products and / or have decision-making authority over them. 23% of the participants are CISOs, CSOs and CIOs. The interviews were carried out online on behalf of Bitdefender from Sapio Research in May 2019 using an email invitation and an online survey. The report is free at https://www.bitdefender.com/files/News/CaseStudies/study/348/Bitdefender-10-IN-10-The-Indelible-Impact-of-COVID-19-on-Cybersecurity.pdf available.