Security leaders have never faced such pressure to protect their organization’s data and reputation from the dangers that surround them. The COVID-19 pandemic permanently changed cybersecurity, from cloud migration to remote work to security at the edge. At the same time, threats have increased. No one is immune to the potential of social engineering attacks, zero-day exploits, and other attempts to steal data and peace of mind.
With this backdrop, HelpSystems commissioned a survey in partnership with ISMG in the fall of 2021 to better understand COVID’s impact on data security, how leaders feel about their progress, and the practices and priorities that define their strategies. The newly released results provide a snapshot of how enterprises are evolving their data security strategies in order to help others enhance their own journeys.
From surveying over 180 cybersecurity leaders worldwide, we found that companies seem to be returning to a state of normalcy as they shift their attention from COVID mitigation to strategic planning. Implementing controls to secure IP as they support the new reality of hybrid workforces is top of mind for these leaders.
And yet, there are gaps in data security. Amid the focus on digital transformation, targeted social engineering attacks and ransomware continue to make inroads.
- 89% of survey respondents say their enterprises are more—or at least as—cybersecure as they were one year ago.
- 52% say cyberthreats have become fiercer in that time period.
- 19% say COVID-19 disrupted their data security initiatives.
- 63% say data visibility is the biggest challenge facing organizations today.
- 64% say a breach that exposes sensitive customer data is their top fear.
- 97% expect level or increased funding for cybersecurity in 2023, and key areas of investment will be enterprise data loss prevention (DLP), data classification, and encryption.
- What got you here won’t secure you tomorrow. With mass cloud migration, new software vulnerabilities, and an adversarial focus on supply chain disruption, security strategies that protect your enterprise today won’t be the ones to rely on tomorrow, and cloud security strategies are going to continue to be imperative.
- Everything starts with data security. Fears are high about sensitive customer data being exposed, and rightly so. If there’s no line of sight to where sensitive data and IP reside and who can access them, they can’t be protected. Gaining visibility into that data is critical, which is reflected in the 2023 spending priorities noted in this survey: data classification, encryption, and DLP.
- New ventures require new partners. With the great resignation and shortage of cybersecurity skills and staff, vendors who can offer technology and skills to address data security challenges are key to success in every industry. A partner like HelpSystems can help you meet your objectives and close the security gaps you can’t address with personnel.
- The perimeter-less enterprise has broadened the attack surface. Aggressive, sophisticated cybercriminals including nation-state actors have taken full advantage of security environments being in flux as companies worked to support remote and hybrid workplaces. Enterprises need to harness the power of vulnerability scanning and implement robust email security measures to guard against phishing, business email compromise, and ransomware.
- Employees are often the first line of defense. Cybercriminals frequently try to infiltrate a company through its employees, using various types of phishing campaigns. Although 86% of survey respondents said employees have participated in security awareness training over the past 12 months, only 32% considered it very effective (60% said it was somewhat effective). This indicates there’s room for improvement in this area.
Silver Linings and the Ongoing Digital Transformation
Although the threat landscape has changed remarkably over the past two years, IT security teams are beginning to settle into the new environment. Eighty-nine percent of respondents said they had a defined security policy, and more than 80% had updated it over the past two years. This is encouraging.
Awareness of potential risks is higher than it was pre-pandemic, and enterprises are working hard to assess their growing infrastructures and secure them like never before.
There is certainly work to be done to understand how the best practices required today will support cybersecurity in 2022 and beyond. The first step for many is to take a holistic approach to data security to understand the types of data that exist, where it resides, who can access it, and what level of protection it requires.