How COVID-19 Changed Security –
A Look Back
2020 was a tough year to be a CISO. Security decision-makers found themselves more essential than ever when they suddenly were forced to securely transition their teams to remote work during a global pandemic. Tasked with defending their organizations against new threats – security teams found themselves under tremendous pressure. Ransomware, remote work risks, cloud migrations, and shadow IT suddenly went from everyday security issues to existential business challenges. In response, most organizations increased security investments, arming CISOs with more money and people, but increased spending did not equate to better protection. To mark the anniversary of the shift to remote work due to the pandemic, Randori surveyed 400 security decision-makers to understand how the community was impacted and how they’ve responded to the security challenges of the COVID-19 era.
Risks from Shadow IT Grew During COVID-19
- 3 out of 4 of security leaders saw attacks increase during the pandemic
- 55% of security practitioners agree that protecting their attack surface has become more difficult since the pandemic started
- 1 in 2 understand less than 75% of their real world attack surface
- 42% have been compromised because of shadow IT
Spending is Up, but Not All are Getting Help
- 55% of security teams increased spending
- 44% organizations grew their security teams
- But 1 in 4 organizations cut security staff
Attack Surfaces Are
Getting Harder to Protect
The Volume of Threats Has Increased During the Pandemic
When the pandemic hit, forcing most of American daily life online, many companies saw their cyber risk exposure explode overnight. 3 out of 4 security leaders agree the risk from cyberattacks increased. In fact, 74% of them saw more attacks since the pandemic started. As security teams rapidly enabled their employees to work outside the fortified networks of corporate campuses, and onto unsecured home Wi-Fi networks, attackers reaped the benefits of mistakes made by moving too fast and discovered thousands of new targets exposed for attack.
Attack Surfaces Are Harder To Manage
This shift accelerated an already rapid mass migration from on-prem IT infrastructure to cloud-based services that security was only beginning to get a handle on. As a result, many security teams found themselves falling behind.
- 55% say that protecting their attack surface has become more difficult
- 84% lack a true attack surface management solution and rely on vulnerability management solutions to manage their attack surface.
- 42% experienced a breach via shadow IT
Security Faces a
Most Security Leaders Beefed Up Security
As organizations were forced to go 100% digital, 55% of security leaders increased their spending, and 52% purchased new software. 44% added new security team members.
But Many are Doing More with Less
However, increased spending was not universal, with 1 in 4 security teams having to do more with less as the pandemic hit many industries hard, forcing 18% to cut security budgets.
CISOs Are Getting More
Comfortable with Risk
COVID-19 Forced Leaders to Shift from Securing Everything to Embracing Resiliency
Faced with adapting to unprecedented and accelerated change, security leaders found themselves forced to adopt risk-based approaches. While assumed breach has been a philosophy preached for many years, the sheer scale of COVID-19 forced many organizations to put those words into actions – shifting the focus away from security to one of risk management and resiliency. 76% of security leaders agree that breaches are an inevitability, and a quarter of practitioners suggest they are very tolerant of risk. As evidence, two-thirds of leaders recognize that some assets can be compromised without impacting their brand.
But Figuring Out Where to Focus Remains a Challenge.
- 76% agree that prioritizing what to patch has become harder since the pandemic
- 82% need better ways to prioritize
While COVID-19 forced the adoption of risk-based approaches, practitioners still struggle to gain clarity around their real-world risk. Specifically, the inability to assess the likelihood of an asset being targeted leaves many teams looking for better ways to prioritize – as traditional vulnerability models leave most drowning in alerts. Until organizations can better understand how to assess the likelihood, prioritization will remain a challenge.
Even as the industry added staff and spent millions of new dollars on new controls and preventive solutions, confidence in our approach and the efficacy of our defenses remains low. Objectively, despite increased spending – most security teams admit they lost ground.
With a vaccine rollout underway, 2021 may see many businesses return to more normal operations. Unfortunately for security teams, these technological shifts are here to stay, and with them, the risks they bring. We can clearly see within this data that cloud migration and work-from-home made the risk go up in 2020, and there is no reason to expect that to change going forward.
As the SolarWinds and Microsoft Exchange attacks show, companies remain susceptible to attack and need to continue to transition toward risk-based approaches focused on building resiliency. To this, we’ve got to find better ways to focus and identify our gaps.
Based on the data – with 1 in 2 experiencing a breach from shadow IT and 82% claiming a need for better prioritization — the issue appears to be fundamental—specifically, an inability to understand what’s exposed and clearly identify where the risks truly lie.
At Randori, we believe the the most effective approach is to understand the attacker’s perspective and treat security as a system to be maintained rather than a problem to be fixed. As recent attacks continue to expose the fragility of our approaches, the need for ways to better understand what attacker’s can see and where they would strike first has never been greater.
Randori partnered with Market Cube, a third-party research company, to survey more than 400 security decision-makers nationwide to understand how the COVID-19 pandemic affected their security operations. Market Cube surveyed respondents in February 2021.
Get on Target with Randori Recon
Randori Recon enables security teams to attack ransomware, shadow IT, and cloud insecurity with confidence. Gain a clear view of your attack surface by seeing your business from the attacker’s perspective. Stop guessing what’s exposed and start prioritizing like an attacker today with a demo at www.randori.com/recon.