We are seeing an unprecedented number of remote users on home and public internet services accessing their employer and school resources. This opens up these organizations to more risk from all of the remote users. IT departments are monitoring network bandwidth, VPNs, and access controls to make sure employees can still do their jobs. It is putting a strain on the organization infrastructure and the various internet providers.The question is: how are organizations dealing with these challenges? And do they feel that their organizations are just as secure as they were before the outbreak of COVID-19? To answer this question, Tripwire decided to commission Dimensional Research to survey 345 IT security professionals in April. Their responses helped to provide insights into how organizations are addressing the digital security effects of COVID-19.
The Rise of Coronavirus-Related Attacks
Securing the Remote WorkforceThe security of employees’ home networks in the wake of COVID-19 was also a top concern for 55% of respondents. This worry was followed closely by concerns over keeping remote employees’ computers securely configured and compliant at 41% and 38%, respectively.
"The massive shift to working remotely represents a huge change for organizations’ attack surfaces. It’s no surprise that security professionals are finding it challenging to monitor and minimize that new attack surface."Overall, survey participants gave several reasons for why their organization’s transition to a remote workforce had complicated their jobs:
- Almost half (49%) of survey participants indicated that it’s harder to secure employees’ home office environments. That’s just slightly higher than the ratio of IT security professionals (48%) who believe employees were more susceptible to digital attack attempts when working from home.
- More than two-fifths (41%) of respondents asserted that it is more challenging to manage what devices are connecting to the corporate network.
- More than a third (38%) said it is hard to get visibility of remote assets and systems. Overall, 64% of IT security professionals told Dimensional Research that security visibility had become more challenging following the transition of their employees to remote work. An additional 78% of individuals went on to disclose a lack of visibility over crucial data types including system update statuses on user endpoints, vulnerability assessments and remote access infrastructure.
The Way Forward for OrganizationsAmong all of the challenges discussed above, a lack of visibility might be one of the greatest issues facing IT security professionals today. It’s imperative that security teams know their attack surface so that they can come up with processes for effectively minimizing it and monitoring for threats. But now that the work is happening outside corporate networks and devices, organizations are trying to come up with ways to track threats in new ways. This is an evolving process. As organizations look to get the most value of their tools, they’re turning to their providers to help them understand how they can address specific issues with what solutions they already have. These challenges are constantly changing, so much so that the real security repercussions of COVID-19 have yet to be realized. That’s why improved tooling and training will likely be cornerstones of the post-coronavirus world. Erlin isn’t surprised by this forecast:
"We’ve had unprecedented growth in the cybersecurity market in recent years, but many of the most innovative technologies are most relevant in advanced use cases. It’s understandable that as companies tighten their economic belts and discretionary budgets are reduced, we’ll see more organizations taking a closer look at what their existing tools can do to help secure their assets."In the meantime, it’s important that organizations stay on top of evolving digital security challenges. You can learn more about these digital security issues resulting from COVID-19 by downloading Tripwire’s full report here.