The normal amount of fatigue understaffed cybersecurity teams experience is increasing significantly as the number of alerts cascading through multiple security platforms continues to increase in the wake of the COVID-19 pandemic.
With more employees working from home, the number of cybersecurity incidents that need to be investigated has naturally increased. However, a global survey of 600 enterprise IT security professionals conducted by the research firm CyberEdge Group finds 73% of respondents have seen elevated third-party risks amongst their partners and suppliers. More than three in four (77%) are seeking technologies to help automate third-party risk management, with 43% reporting they increased investments in this area.
With more employees working from home across highly distributed supply chains, the number of alerts cascading through multiple security platforms has become overwhelming, the report finds. Each supplier and partner is generating more security alerts than ever across the supply chain because each organization has employees working from home. Those alerts are aggravating a chronic, longstanding cybersecurity issue. The report notes that more than half of respondents (53%) said cybersecurity teams were already understaffed before the pandemic began.
Increasing security budgets
On the plus side, the report notes 54% of those surveyed increased their IT security operating budgets mid-year by 5% on average. Only 20% of enterprises reduced their overall IT security spending as a consequence of the economic downturn brought on by the pandemic. However, more than two-thirds of enterprise security teams (67%) were forced to temporarily reduce personnel expenses through hiring freezes (36%), temporary reductions in hours worked (32%), and temporary furloughs (25%). Only 17% were forced to lay off personnel.
Over three-quarters of respondents (78%) said IT security professional certifications have made them better equipped to handle pandemic-related challenges.
Budget prospects for next year look brighter, with nearly two-thirds of respondents (64%) planning to increase their security operating budgets by 7% on average, the report finds. Organizations plan to increase their security training and certification budgets by an average of 6%, the report also finds.
The survey finds an average of 24% of enterprise workers had the ability to work from home on a full-time, part-time, or ad hoc basis prior to the pandemic. Now, survey respondents report that on average 50% of employees can work from home. Interestingly, a full 81% of IT security professionals report enjoying working from home. Once a COVID-19 vaccine is developed and the pandemic is over, 48% would like to continue working from home part-time while a third (33%) would like to work from home full-time.
Addressing pandemic-fueled security challenges
The top three challenges cited by survey respondents are increased volume of threats and security incidents, insufficient remote access / virtual private network (VPN) capacity, and increased risks stemming from unmanaged devices.
The survey suggests that in response organizations are increasingly turning to the cloud to manage security. Three-quarters of survey respondents (75%) indicated an increased preference for cloud-based security solutions. As more workloads shift to the cloud, the top three technology investments to address pandemic-fueled challenges are cloud-based secure web gateway (SWG), cloud-based next-generation firewall (NGFW), and cloud-based secure email gateway (SEG).
Organizations are also investing in antivirus (AV) software, mobile device management (MDM) tools, and network access controls, the report notes.
The survey makes it clear cybersecurity teams for better or worse are adjusting to the new normal. Less clear is to what degree those efforts will be successful as cybercriminals make their own adjustments in the age of COVID-19.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.