Expanding threat landscape is biggest concern, cybersecurity analysts tell Gartner

Since the COVID-19 pandemic began, IT teams have been trying to keep up with the ever-evolving array of cyberthreats.

A new survey of cybersecurity experts by Gartner found that analysts are most concerned about the rapidly evolving threat landscape, which has changed exponentially since the onset of the COVID-19 pandemic. Gartner conducted the Security and IAM Solution Adoption Trend Survey online in March and April, taking in responses from 405 experts in North America, Western Europe, and the Asia/Pacific region. All of the respondents are in charge of risk management and work for enterprises that have an annual revenue of less than $500 million.

Hundreds of those surveyed said the coronavirus pandemic had changed the way attackers were attempting to infiltrate systems and had led to a new, diverse array of cyberattacks that will continue to evolve over the next three to five years.

"External risk is top of mind for security and risk management leaders in 2020, yet COVID-19 has proved how rapidly and how drastically such risks can change," said Jonathan Care, senior research director at Gartner. "Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls."

Just this year, cybercriminals have used the pandemic, and the changes to the nature of work, to unleash a wave of spam, malware, phishing scams, coronavirus-related business email compromise attempts, SMS phishing, and credential theft attacks.

The survey also found that respondents were seeing an increased amount of activity from advanced persistent threats originating from nation-states.

These attacks also used COVID-19 to target healthcare institutions and essential services, with cybercriminals "using scan and exploit techniques, as well as password spraying that attempts to take advantage of unpatched vulnerabilities, to obtain bulk personal information, intellectual property, and national intelligence."

With millions of people working from home, enterprises are now forced to protect an exponentially larger attack surface, and survey respondents said the number of exposed virtual private networks and remote desktop protocols had increased greatly. 

All of the digital workplace solutions that were implemented to supplement the loss of in-person work spaces spurred new threat vectors, and security teams had no choice but to create entirely new methods of protecting remote endpoints as well as managing patches.

"Before the pandemic, most enterprises designed their risk appetites around the assumption that remote working was the exception, rather than the norm," Care said in a statement. 

"When that scenario was flipped, risks such as always-on VPNs and bring-your-own-device, which were previously a lower priority for security leaders, suddenly became top of mind. This forced security teams to rapidly reassess their enterprise's risk landscape and deploy new solutions and policies accordingly."

The survey included predictions from Gartner that at least half of all enterprises will deploy "combined endpoint protection platforms and endpoint detection and response solutions that supplement prevention with detect and response capabilities" by the end of 2023.

These platforms will be used to replace legacy antivirus products that are having difficulty adapting to the evolving threat landscape that the survey respondents cited as a major concern.

According to Gartner, organizations are also turning to platforms with "extended detection and response capabilities" that help security teams detect problems more accurately and handle the deluge of notifications that often plagues cybersecurity workers.

"Many organizations waste time on legacy security technologies that have lost efficacy, or they continue to needlessly tune effective controls," Care added. "Rather than trying to anticipate and block all possible threats, invest in solutions with detect and respond capabilities, which can assist with unknown threats and improve response efficacy when prevention fails."
