Beyond vulnerability scanning: Enhancing attack surface management for more proactive security

March 15, 2021

How COVID-19 Changed Security – A Look Back

By: Randori

Share on facebook
Share on twitter
Share on linkedin

How COVID-19 Changed Security –
A Look Back

2020 was a tough year to be a CISO. Security decision-makers found themselves more essential than ever when they suddenly were forced to securely transition their teams to remote work during a global pandemic. Tasked with defending their organizations against new threats – security teams found themselves under tremendous pressure. Ransomware, remote work risks, cloud migrations, and shadow IT suddenly went from everyday security issues to existential business challenges. In response, most organizations increased security investments, arming CISOs with more money and people, but increased spending did not equate to better protection. To mark the anniversary of the shift to remote work due to the pandemic, Randori surveyed 400 security decision-makers to understand how the community was impacted and how they’ve responded to the security challenges of the COVID-19 era.

Key Findings

Key Findings Header Image

Risks from Shadow IT Grew During COVID-19

  • 3 out of 4 of security leaders saw attacks increase during the pandemic
  • 55% of security practitioners agree that protecting their attack surface has become more difficult since the pandemic started
  • 1 in 2 understand less than 75% of their real world attack surface
  • 42% have been compromised because of shadow IT

Spending is Up, but Not All are Getting Help

  • 55% of security teams increased spending
  • 44% organizations grew their security teams 
  • But 1 in 4 organizations cut security staff 

How COVID-19 Changed Security - Key Findings


Attack Surfaces Are
Getting Harder to Protect

attack surfaces are harder to protect

The Volume of Threats Has Increased During the Pandemic

When the pandemic hit, forcing most of American daily life online, many companies saw their cyber risk exposure explode overnight. 3 out of 4 security leaders agree the risk from cyberattacks increased. In fact, 74% of them saw more attacks since the pandemic started. As security teams rapidly enabled their employees to work outside the fortified networks of corporate campuses, and onto unsecured home Wi-Fi networks, attackers reaped the benefits of mistakes made by moving too fast and discovered thousands of new targets exposed for attack.

74% agree attacks have increased during the pandemic

Attack Surfaces Are Harder To Manage

This shift accelerated an already rapid mass migration from on-prem IT infrastructure to cloud-based services that security was only beginning to get a handle on. As a result, many security teams found themselves falling behind.

  • 55% say that protecting their attack surface has become more difficult 
  • 84% lack a true attack surface management solution and rely on vulnerability management solutions to manage their attack surface.
  • 42% experienced a breach via shadow IT 

84% of organizations lack a true attack surface management solution



Security Faces a
K-Shaped Recovery

COVID-19 & A K-Shaped Recovery

Most Security Leaders Beefed Up Security

As organizations were forced to go 100% digital, 55% of security leaders increased their spending, and 52% purchased new software. 44% added new security team members.

1 in 4 Saw layoffs

But Many are Doing More with Less 

However, increased spending was not universal, with 1 in 4 security teams having to do more with less as the pandemic hit many industries hard, forcing 18% to cut security budgets.

K Shaped Recovery


CISOs Are Getting More
Comfortable with Risk

How COVID Changed CISOs

COVID-19 Forced Leaders to Shift from Securing Everything to Embracing Resiliency

Faced with adapting to unprecedented and accelerated change, security leaders found themselves forced to adopt risk-based approaches. While assumed breach has been a philosophy preached for many years, the sheer scale of COVID-19 forced many organizations to put those words into actions – shifting the focus away from security to one of risk management and resiliency. 76% of security leaders agree that breaches are an inevitability, and a quarter of practitioners suggest they are very tolerant of risk. As evidence, two-thirds of leaders recognize that some assets can be compromised without impacting their brand.

76% agree that breaches are an inevitability

But Figuring Out Where to Focus Remains a Challenge. 

  • 76% agree that prioritizing what to patch has become harder since the pandemic 
  • 82% need better ways to prioritize

82% Security Leaders Need Better Ways to Prioritize Threats



Looking Ahead

Looking Ahead - COVID 19

While COVID-19 forced the adoption of risk-based approaches, practitioners still struggle to gain clarity around their real-world risk. Specifically, the inability to assess the likelihood of an asset being targeted leaves many teams looking for better ways to prioritize – as traditional vulnerability models leave most drowning in alerts. Until organizations can better understand how to assess the likelihood, prioritization will remain a challenge.

Even as the industry added staff and spent millions of new dollars on new controls and preventive solutions, confidence in our approach and the efficacy of our defenses remains low. Objectively, despite increased spending – most security teams admit they lost ground.

With a vaccine rollout underway, 2021 may see many businesses return to more normal operations. Unfortunately for security teams, these technological shifts are here to stay, and with them, the risks they bring. We can clearly see within this data that cloud migration and work-from-home made the risk go up in 2020, and there is no reason to expect that to change going forward.

As the SolarWinds and Microsoft Exchange attacks show, companies remain susceptible to attack and need to continue to transition toward risk-based approaches focused on building resiliency. To this, we’ve got to find better ways to focus and identify our gaps.

Based on the data – with 1 in 2 experiencing a breach from shadow IT and 82% claiming a need for better prioritization — the issue appears to be fundamental—specifically, an inability to understand what’s exposed and clearly identify where the risks truly lie.

At Randori, we believe the the most effective approach is to understand the attacker’s perspective and treat security as a system to be maintained rather than a problem to be fixed. As recent attacks continue to expose the fragility of our approaches, the need for ways to better understand what attacker’s can see and where they would strike first has never been greater.


Randori partnered with Market Cube, a third-party research company, to survey more than 400 security decision-makers nationwide to understand how the COVID-19 pandemic affected their security operations. Market Cube surveyed respondents in February 2021.

Get on Target with Randori Recon

Randori Recon enables security teams to attack ransomware, shadow IT, and cloud insecurity with confidence. Gain a clear view of your attack surface by seeing your business from the attacker’s perspective. Stop guessing what’s exposed and start prioritizing like an attacker today with a free 14-day trial at

Gain an Attacker's Perspective

Uncover your true attack surface with the only ASM platform built by attackers. Stay one step ahead of cyber-criminals, hacktivists and nation-state attackers, by seeing your perimeter as they see it.