With the recent unprecedented shift to virtualized work environments in response to the COVID-19 pandemic, cybersecurity has become a crucial focus for organizational resiliency. The business disruptions that have occurred over the last few months have made companies particularly vulnerable to cyber threats, and organizations have been forced to seriously rethink how they approach security services.
A recent Deloitte survey of 880 executive decision-makers found that 69 percent expect the size and number of cyber attacks to increase over the next twelve months. Over half of these organizations responded that they plan to increase security spending in order to combat potential disruptions. Nearly a quarter indicated uninterrupted security coverage is a top concern.
In an interview with Security Boulevard, Deborah Golden, U.S. Cyber & Strategic Risk Leader, Deloitte Risk & Financial Advisory, noted that there has been an uptick in click-bait, phishing attempts, and misinformation campaigns. Additionally, as organizations collect more sensitive COVID-19-related information, they are increasingly likely to be targeted. Furthermore, as people are working on home/private networks, questions have been raised surrounding data privacy. In addition to such concerns, global organizations are also working through the complexities of cross-border regulations and varying cultural expectations.
Golden emphasized that CISOs will need to utilize a variety of tools to effectively address growing cybersecurity threats. She recommends implementing threat intelligence and threat hunting techniques from a variety of sources ranging from commercial, industry, and government training programs to improve security policies, as well as increasing the use of artificial intelligence and machine learning analytics. Golden also says organizations will increasingly need to be alert to threats from individuals already inside the network as well as targeted social engineering attacks.
Training may be particularly crucial. According to a recent survey by Trend Micro, although remote workers overwhelmingly agree that cybersecurity is important, limited understanding, resource constraints, and disagreements between workers and IT may impede true data security. As 81 percent of employee respondents agreed that they have a responsibility to ensure cybersecurity within their organizations, Rik Ferguson, Vice President of Security Research at Trend Micro suggests that “the problem area seems to be translating that awareness into concrete behavior.” Dr. Jessica Barker, Co-CEO of Cygenta, says that instead of solving problems only through new technology, CISOs and security teams need to focus on educating employees about how they engage with the technology.