The rapid transition to remote work has increased data protection and privacy risks worldwide, yet only half of technology professionals and leaders are confident of detecting and responding to cyber attacks during COVID-19, a new survey from ISACA has found.
The rapidly evolving COVID-19 situation has introduced fresh challenges for technology professionals worldwide as companies have had to introduce the "work from home" culture, with many of them without any prior experience of the practice.
A survey conducted by ISACA found that 87 percent of technology professionals and leaders agree that the rapid transition to remote work has increased data protection and privacy risks and 80 percent of organisations have shared cyber risk best practices for working at home with their employees.
Organisations are very well aware of the fact that cyber criminals will try and exploit the COVID-19 crisis to target their IT systems and employees. While 58% of tech leaders and professionals have noticed this trend, 92% of them have also observed a surge in the number of cyber attacks targeting individuals ever since the pandemic started spreading worldwide.
However, the fallout of such cybersecurity risks could be disastrous considering that not all organisations are prepared to respond to or even detect cyber attacks targeting their networks and employees. ISACA's survey revealed that while 51% of technology professionals and leaders are highly confident that their cyber security teams are ready to detect and respond to cyber attacks, only 59% have the necessary tools and resources at home to perform their job effectively.
“Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” said David Samuelson, CEO of ISACA.
“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education.”
Organisations must curate their security practices to respond to new realities
Commenting on ISACA's findings, Faiz Shuja, Co-Founder & CEO at SIRP, says that organisations must have a security operations platform in place that fuses essential cybersecurity information in one place. Cybersecurity teams should have centralised visibility along with risk-based decision strategy so that decisions can be better prioritised in these heightened risk exposure times.
Shuja adds that to respond to increasing cyber attacks during COVID-19, organisations should adjust their risk matrix, change the default severity of phishing alerts, increase the frequency of vulnerability scanning of remotely access services and remotely connected devices, and upgrade the seriousness of alerts allied to their most critical assets.
Agreeing with the fact that the COVID-19 situation has increased the vulnerability of organisations to cyber attacks, Matt Walmsley, EMEA Director at Vectra, said, "as security teams adapt to the increase in remote working, RDP / VDI, VPN, SaaS application usage, project rollout acceleration and shadow IT issues have all contributed to an expanded remote access attack surface that needs protecting and monitoring, and of which many organisations have limited visibility.
"Increased remote working is here to stay, even when we get through the COVID-19 pandemic. There’s a need to act tactically today to improve security posture and insight where possible so that when organisations make changes, they take that opportunity to get to where they need to be for their envisaged tomorrow," he added.