Top COVID-19 security statistics

While far from over, the COVID-19 pandemic has had a massive effect on organizations and the security teams that work to protect them. Yet there have been learnings and interesting pieces of information at every stage of the pandemic.

Many companies discovered their continuity plans didn’t account for every employee working remotely at the same time. While most companies managed to transition smoothly to the “new normal,” many needed to invest in technology or education to ensure their staff understood what they should and should not be doing.

Once the transition was complete, organizations found their attack surface had changed immensely and threat actors attempted to seize upon the opportunity. Phishing, brute-force and malware attacks surged while the number of endpoints connecting to corporate networks ballooned.

COVID has accelerated digital transformation efforts, which could result in business leaders making cybersecurity a higher priority. Meanwhile, the shrinking of physical office footprints and the possibility of a large permanent remote workforce means CISOs need to reassess their long-term technology priorities and risk.

Here are the key cybersecurity stats around the pandemic and how this data might inform your thinking about the people, processes and technology in your own organization both now in the future.

Transitioning to remote work

Most companies had some form of remote work technologies and processes in place before the pandemic, but for many the scale and speed with which companies had to adapt to the new normal posed a challenge. 

Despite claiming to have up-to-date business continuity plans, 66% of organizations said they did not have a pandemic preparedness plan in place, according to Databarracks’ Data Health Check 2020. Many of the companies CSO has spoken with throughout the pandemic said they had business continuity plans in place prior to COVID, but many realized early on that they relied on being able to failover staff to alternative sites or never accounted for the scale required for every employee to be working remotely. CISOs should look to ensure business continuity plans include a pandemic-like scenario where there might not be a backup location to move staff to and ensure plans account for dealing with incidents remotely.

While the majority (87%) of security organizations said the transition to work from home went smootly, according to ESG’s The Impact of the COVID-19 Pandemic on Cybersecurity report, secure configuration of employee devices, secure access, and remote monitoring were listed as the main challenges for security staff. Three quarters of companies said they were able to adopt processes to enable home working immediately, with much of the rest (20%) requiring one to two weeks to adopt new processes, according to IJYI’s Agility in the face of Lockdown report.

For many organizations, the transition required investment. Just under half (46%) of organizations shifted IT resources toward cybersecurity to protect their network, according to Infoblox’s COVID-19 Challenges for the Borderless Enterprise report, while 38% shifted resources away from cybersecurity to help set up remote workers. Nearly a quarter (22%) of organizations have bought new security solutions/services to address the new work dynamic, according to CSO Online’s Impact of COVID-19 Survey.

With 60% of organizations that adopted work-from-home technology having accelerated or bypassed the normal privacy/security reviews, according to IAPP, CISOs that may have made snap decisions during the transition should go back and ensure that any checks that were skipped or accelerated have been redone to ensure all the risks have been accounted for. Zoom’s security issues throughout the pandemic have been well publicized and are a good example of a remote tool that was quickly adopted by many without concessions for security.

While many companies might have had some form of remote work policy in place, Tanium reports that just under half of business decision makers admitted that their existing cybersecurity policies are not suitable for maintaining a 100% remote working model. More worryingly, an IBM study found that almost half of people new to working at home haven’t received additional security training, new security policies, or guidelines on how to securely work or handle personally identifiable information (PII) while working from home. CISOs need to ensure their policies reflect the current working reality and plan for the possibility of long-term remote working; they must also update security education and awareness initiatives to reflect the different risks of home working.

COVID-related threats and attack surface changes

With new opportunity comes new risk. While firms rushed to adopt remote-work technology and digitize processes, threat actors were quick to act, increasing attacks of all varieties against all targets.

Ransomware attacks by both state-affiliated and financially driven groups increased despite some groups claiming a ceasefire. SonicWall reports that ransomware attacks spiked more than 100% in 2020—most notably against healthcare organizations and research firms working on vaccines. As ever when it comes to this type of attack, organizations should ensure systems are patched and segmented as much as possible and ensure that backup and recovery processes are place and tested regularly.

Attackers also doubled down on phishing attacks, both COVID-themed and more broadly. Phishing incidents rose 220% during the height of the global pandemic compared to the yearly average, according to F5’s Phishing and Fraud report, while Palo Alto reports that over 86,000 high-risk COVID-related domains were registered between March and April 2020.

Rafael Narezzi, CIO/CISO at renewable energy asset management firm WiseEnergy, tells CSO that his company saw a 600% increase in attack attempts during the start of the crisis, primarily through phishing and other social engineering scams. The fact that many employees will likely be more relaxed and distracted at home makes them more likely to fall for such social engineering attacks, and reinforces the importance of security education and awareness.

Other threat vectors also increased. Supply chain attacks rose 38% since the start of the pandemic, reports Bitdefender. Vendors, partners, and clients have all had to go through similar challenges and transformations, and CISOs should reach out to their ecosystem to reassess the risk key partners may present and ensure all compliance requirements are still being met.

Other risks that increased during the pandemic include insider-threats, which increased 27% during the pandemic according to Tessian; RDP brute-force attacks, which Kaspersky reports grew 400% in March and April of 2020; and a 2,000% increase in malicious files with Zoom in their name between February and March 2020, according to Webroot.

Security teams report that offboarding remote employees, managing new devices, device exposure at home, and shadow IT are the main remote work security concerns, according to Malwarebytes’ Enduring From Home study.

The transition to remote work also caused complications around endpoints and data. Tessian reports that 58% of employees used personal devices during the lockdown period, while Netskope warns that 7% of users intentionally uploaded sensitive data to personal instances of cloud applications. Organizations’ reaction to the challenge of remote endpoints and access has been mixed. Just over a quarter (26%) of companies introduced more stringent endpoint security and access measurements since the pandemic began, yet 35% relaxed their policies to foster productivity, according to Hysolate’s The CISO’s Dilemma report.

Some reports indicate interest in multi-factor authentication (MFA), zero-trust, employee behavior monitoring, data monitoring, and related technologies has increased as companies look to better secure and monitor remote workers and their devices. CISOs should consider their current endpoint and user monitoring technologies and judge if they provide the controls and visibility that’s required, especially if home working at scale is likely to continue post-pandemic.

Long-term post-pandemic impact on security

While the vaccines currently in development offer the prospect of life returning to normal in the relatively near future, there is likely to be a long-term impact on how businesses operate. Over 80% of companies expect to continue supporting work-from-home employees at a higher rate than before the pandemic hit, according to Radware’s C-Suite Perspectives 2020 report. A survey by KPMG suggests most companies will look to downsize their office in the future, and CISOs will need to consider how this impacts technology choices, processes, security policies, and the risk profile of the organization.

Ninety-six percent of organizations say they are adjusting their cybersecurity strategy due to COVID-19, reports PwC’s Global Digital Trust Insights Survey 2021, and 50% said cybersecurity and privacy will baked into every business decision or plan due to the virus. This focus on security should provide CISOs with more influence at the most senior levels of the business.

Just under a quarter (23%) of companies say their security budgets will increase due to COVID, per Domain Tools’ 2020 Cybersecurity Report Card, while 15% said it will decrease as a result. While some CISOs may have more resources to secure remote workers security, others might be forced to reassess what they are paying for and what constitutes best value for money in the face of cuts.

For security teams themselves, 24/7 IT support, more security training, new remote policies, and an inventory of devices accessing networks are changes introduced during lockdown that security teams expect to be made permanent, reports Bitdefender. The changed attack surface and new risk profile from more remote access also changes the calculations around successful cyberattacks. IBM’s most recent Cost of a Data Breach report warns that remote work increases the average cost of a data breach by $137,000.