Attacks Are Up
Pandemic impact report: Security leaders weigh in
'Retail: Hardest Hit and Perhaps Least Prepared'
A new survey of security and IT leaders sheds
light on how organizations across industries are dealing with the COVID-19
crisis, how prepared they were, how vulnerable they are, and what the long-term
impact may be.
This survey was conducted March 19-23, 2020 among 150 U.S.-based
security & technology leaders. Eighty-seven percent of respondents were
senior security executives representing an average company size of 23,825. Top
represented industries were: financial services, including banking, insurance,
and brokerage (27%); healthcare, including providers and pharmaceuticals (17%);
high tech (14%); and retail, wholesale & distribution (8%).
&uuid=(email))
We’re in this for a while
We asked security and IT leaders to estimate how long they expect social and
work restrictions, resulting from the pandemic, to remain in place. In general,
responses averaged 7.7 weeks, with respondents in the retail industry being
more hopeful (6.5 weeks) and healthcare respondents, as one might expect
them to be, coming in the longest at 9.1 weeks. Essentially, we’re looking at a
range that would see social and work restrictions remaining in place until
somewhere between May 7th and Memorial Day (May 25th).
Work from home has exploded -
Retail Employee @ Home Usage Up 66.4%
Three months ago, 16.5% of survey respondent’s employees worked from home at
least 60% of the time. As of March 23rd, that number had climbed to 77.7%, an
increase of 4.7-fold. High tech firms had the highest level of WFH prior to the
pandemic’s impact at 31.9%, and continue to have the highest today at 90.2%.
Retail/wholesale/distribution organizations have experienced the most drastic
change in WFH levels, increasing from 3.7% prior to the pandemic to 66.4% today,
a nearly 18-fold increase.
While 81% of respondents expressed confidence that their existing security
infrastructure could handle their employees working from home, 61% were more
concerned about security risks targeting WFH employees today than they were
three months ago.
How prepared were businesses?
In 2006/7 CSO magazine dedicated extensive coverage to pandemic
planning around Avian Flu. While, thankfully, that pandemic never
materialized, and despite SARS, MERS, and the outbreaks of other infectious
diseases, we didn’t hear the same amount of “pandemic buzz” in the years that
followed.
It seems that businesses learned their lesson, and many kept their resiliency
plans fresh in the intervening years. While only 54% of survey respondents
indicated that their pandemic/ resiliency plans had them prepared for the
current situation, 67% indicated that their security infrastructure was
fully prepared for the range of risks associated with the new operating
environment.
Time to go shopping?
22% of organizations have found themselves out shopping for new security
solutions/services to address the new work dynamic.
Attacks are up
&uuid=(email))
Unfortunately, this speculation has proven to be accurate: More than 26% of
survey respondents say their organizations have seen an increase in the
volume, severity, and/or scope of cyber attacks since March 12th. While the
increase in attacks has been fairly consistent across company size, with SMBs
seeing numbers only slightly higher than enterprise businesses, the financial
services industry has been especially impacted, with 37% seeing an increase.
The impact will be felt for years
Across all vertical industries and company sizes, 73% of survey respondents say
they believe that the impact of this pandemic will alter the way their
business evaluates risk for at least the next five years. In some
industries, like retail, that number was as high as 83%. This is an issue
that will radiate from financial regulators to boards of directors and so on,
down the institutional food chain. Risks that were thought to have a low
likelihood of occurring will now be getting a second look. Likelihood will be
the number focused on when considering risk, and resiliency will be the mantra.
Retail: hardest hit and perhaps least prepared
• With
the largest increase in employees working from home (3.7% before vs. 66.4%
today, a 17.9-fold increase), retailers indicated the highest level of
confidence across all industries that their security infrastructure can handle
all those employees who WFH.
•
Despite that confidence in preparedness, 25% of retail organizations have had to
purchase new security solutions/services in order to address the new work
dynamic.
• Only
42% (the lowest among all industries) indicated that their pandemic/ resiliency
plans had prepared them for the current situation
•
Retailers overwhelmingly (83%) believe that the pandemic will alter the way
their businesses evaluate risk for at least the next five years
• Only
17% of retailers report an increase in the volume, severity, and/or scope of
cyber attacks since March 12th, the lowest of all industries.
See the full article on
csoonline.com
&uuid=(email))
&uuid=(email))
