Report: Pandemic Stirs

63% Spike In Cyber Attacks

Security Efforts, Priorities Lag Behind

By Steve Rensberry
RP News

ISSA graphic. One survey response.
   EDWARDSVILLE, Ill. - (RP NEWS) - 8/1/2020 - A newly released report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) says the COVID-19 pandemic has presented a “once-in-a-lifetime opportunity,” for cybercriminals, and cites the results of a survey showing a 63 percent increase in cyberattacks since the crisis began.
   The survey was conducted by the two groups, culminating in a report representing input from some 364 cybersecurity and IT professionals.
   “COVID-19 had a wide-ranging impact on individuals on the security staff. With 84 percent of cybersecurity professionals working exclusively from home during the pandemic and almost two-thirds believing that their organizations will be more flexible with work-at-home policies moving forward, COVID-19 has personally impacted cybersecurity professionals in their jobs and in their lives,” Senior Principal Analyst and ESG Fellow Jon Oltsik stated in the July 30, 2020 release. “This is in addition to the ongoing impact on organizations and security teams from the yearly worsening problem of the cybersecurity skills shortage,” Jon Oltsik, Senior Principal Analyst and ESG Fellow. 
   An associated report, The Impact of the COVID 19 Pandemic on Cybersecurity, is available here.
   Highlights of the report, as noted in the release:
  •    Organizations were only fairly prepared for the global pandemic. Thirty-nine percent of respondents claim that they were very prepared to secure WFH devices and applications while 34 percent were prepared. Twenty-seven percent were underprepared. Therefore, the pandemic drove rapid changes, changing workloads, and new priorities.
  •    COVID-19 and WFH are driving improved collaboration. Slightly more than one-third of organizations have experienced significant improvement in coordination between business, IT, and security executives as a result of COVID-19 issues and 38 percent have seen marginal relationship improvements.
  •    COVID-19/WFH have had an impact on cybersecurity professionals and their organizations alike. The research indicates that COVID-19 has forced cybersecurity professionals to change their priorities/activities, increased their workloads, increased the number of meetings they have had to attend, and increased the stress levels associated with their jobs. Meanwhile 48 percent say that WFH has impacted the security team’s ability to support new business applications/initiatives.
  •    Most organizations don’t believe the pandemic will increase 2020 cybersecurity spending. Only 20 percent believe that COVID-19 security requirements will lead to an increase in security spending in 2020, while 25 percent think their organizations will be forced to decrease security spending this year. Where they expect their spending to increase, at least half pointed to priority areas being identity and access management, endpoint security, web and email security, and data security.
  •    COVID-19 may impact cybersecurity priorities. ESG/ISSA believes that while it is noteworthy that 30% of the cybersecurity professionals participating in this project say that cybersecurity will be a higher priority, 70% report that they don’t know or don’t believe that this crisis will lead to cybersecurity becoming a higher priority.
   ISSA International Board President Candy Alexander expressed surprise that cybersecurity has not become more of a priority after all that has happened.
   “While it’s promising to see that the majority of organizations were able to handle the COVID-19 pandemic fairly well, it is surprising that we are not seeing an increase in cybersecurity spending or prioritization following this event,” Alexander said. “If anything this should serve as a wakeup call that cybersecurity is what enables businesses to remain open and operational. Organizations prioritizing cybersecurity as a result of the pandemic will likely emerge as leaders in the next wave of cybersecurity process innovation and best practices.”
   The increase in cyber attacks and cybercrime has been noted by several news outlets, over the past couple of week especially.
   “Large swaths of the global economy have shut down during the global COVID-10 pandemic, but cybercriminals haven't been taking any time off. On the contrary, cyberattacks actually spiked during the first half of 2020 with attackers finding new ways to exploit the conditions brought on by widespread lockdowns,” writes Freelance Journalist Cynthia Harvey in a June 24, 2020 article for Information Week, available here: 10 Cyberattacks on the Rise During the Pandemic.
   Harvey cites an FBI spokesperson as saying the Internet Crime Complaint Center received close to the same number of complaints as of May 28 this year that they had for all of 2019.