The COVID-19 pandemic has created a global challenge for businesses as well as people. Everyone has been looking for ways to deal with the same threat, and there has been a convergence in responses. We’ve seen a rapid uptake in work from home (WFH) for those who can and an explosion in online commerce, both B2B and B2C. This rapid transformation in how business is done has brought cybersecurity issues to the forefront.
It’s been a good news/bad news story. The cloud has been the home and the driver of a huge amount of digital transformation. While a shift to the cloud usually improves security, the speed of the shift saw some imperfect migrations. Criminals have been exploiting these flaws. The good news is that businesses are increasingly aware of and investing in the Secure Access Service Edge (SASE) solution to thwart those attacks and protect their networks while supporting remote and hybrid working approaches.
Our market report, The state of network security in 2021, reveals what we found out when we surveyed 750 organizations with more than 500 employees each across the U.S., Europe, and APAC.
What’s happening in the cloud?
Unsurprisingly, the research shows that almost all organizations surveyed experienced a successful security breach as the result of a network attack. Globally, we saw one third (33%) experienced one such breach, and nearly half (49%) experienced two or more breaches. That’s more than four out of five (82%) firms affected. In Europe, the news is just a bit better, with single attacks also affecting one third (33%), and those experiencing two or more breaches (46%) running a few percentage points behind the average. The U.S. had the highest rate of breaches (85%).
Ransomware played a part in the overwhelming number of attacks. Nearly three-quarters (74%) of organizations surveyed experienced a ransomware attack in the past 12 months. Looking at the overall number of breaches, it’s clear that most network-layer breaches involve ransomware attacks. EMEA fared better than the global average, with 69% of respondents reporting ransomware attacks. However, this is still a dangerously large number and shows there is nowhere safe from ransomware. While the incidence of attacks in EMEA is a few points lower than in APAC (72%), it is significantly lower than in the U.S. (83%). EMEA would be wise to use this current advantage to enhance defenses, as the threat is continuing to grow.
Out of the office
Remote working might be a factor in the increased risk of successful breaches and ransomware attacks. A lack of control over the at-home IT configurations used by employees — combined with a surge in COVID-19-themed phishing emails — has made it difficult for organizations to manage the IT environment.
On a global level, we currently see that one third (33%) of workers are full-time WFH, more than half (53%) are hybrid, and just 14% are always in office. In EMEA, the results are nearly the same, with slightly fewer full-time WFH (31%) and slightly more doing hybrid working (55%).
Looking into the future, the research there shows an expectation that staff will come back to the office for at least part of their working time — and this is where things flip, with EMEA taking the lead. In two years’ time, the global full-time WFH numbers are expected to decrease to 15% and full-time in-office is expected to more than double (39%). Responses from EMEA organizations surveyed found just one third (33%) of them expected the majority of employees to be working in-office full time. This is lower than the U.S. (40%) and substantially less than APAC (46%).
Securing the cloud
EMEA is lagging a bit behind the global average when it comes to the proportion of applications currently hosted in the public cloud. Globally, about one fifth (21%) of respondents said only a few applications were cloud-hosted, but in EMEA it is more than a quarter (26%). EMEA’s response rates for “less than half” (22%) were in line with the global average (23%), and responses for “all applications” were the same (11%) for EMEA and global responses. The shortfall came in the “most of applications” category, with EMEA (41%) lagging the world (45%). Still, it’s not too far behind.
If EMEA is to continue to shift applications to the cloud and achieve its expectations of reducing full-time in-office work, it needs to enhance security before it is as heavily attacked as the U.S. has been. The survey shows that, while there are regional differences, all areas are seeing growing pressure from attackers.
The good news is that EMEA is aligned with APAC and the U.S. in adopting key solutions to secure systems and create a consolidated defense against attack. These solutions are SD-WAN (software-defined networking in a wide area network), ZTNA (zero trust network access), and XDR (extended detection and response). In fact, EMEA is a few points ahead of the global averages. When respondents were asked if they had already implemented or planned to implement these solutions in the future, SD-WAN (98% EMEA vs. 96% globally), ZTNA (99% EMEA vs. 96% globally), and XDR (98% EMEA vs. 96% globally) were all ranked extremely high across every region and in every country.
A future in control
The past 12 months have seen a substantial increase in cyberattacks, of which ransomware has been a major component. Attackers have adapted to their “new normal” just as organizations have found new ways to work. The challenges that come with the double shift — attackers upping their game and organizations undertaking cloud-based transformation — are very real and must be taken seriously. That’s why we’re always surveying conditions, so we can continue to lead the industry with robust security solutions. We think it would a good idea for you to take a deeper look as well. You can access the report here. If you’d like to talk about what you’ve read, we’re happy to have a conversation with you.