How COVID-19 has increased the risk of security threats

During the first half of the year, 80% of companies surveyed saw "slightly to considerably more" cyberattack attempts, says Exabeam.

Cyber security concept. Encryption.

Image: metamorworks, Getty Images/iStockphoto

The coronavirus pandemic and resulting lockdown have created stress and strain for organizations and IT and security staff across the world. Beyond now trying to support a remote workforce, IT personnel have to contend with cyberattacks aimed at vulnerable targets at the same time many organizations and departments are suffering financial and budget issues. A report released Thursday by security service Exabeam contends that cyberthreats and financial risks have increased as the pandemic spread during the first half of 2020.

SEE: Navigating data privacy (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

For "The Exabeam 2020 State of the SOC Report," Exabeam commissioned Censuswide to survey more than 1,000 IT security professionals at small and midsized companies in the US and UK. Among all the respondents, 80% said they experienced "slightly to considerably more" cyberattack attempts in the first half of the year, breaking down to 88% in the US and 74% in the UK. A third of those surveyed were hit by a successful cyberattack during this period, triggering network downtime for 38% in the US and 40% in the UK.

The pandemic has taken a financial toll as well, affecting security budgets and employees. Some 70% of respondents in the US and 42% in the UK said that their companies deferred all security hiring from March through June. Further, 75% were impacted by furloughs of security team members, while 68% said that security staffers were laid off.

Despite the losses of security employees, only 22% of the respondents cited staff shortages as the biggest challenge in combating cyberthreats. Rather, communications with security teams and communications with other IT groups were the largest obstacles, especially as interactions between IT and security teams can be difficult to handle remotely. The ability to investigate cyberattacks was another major challenge, listed by 29% of those surveyed.

Budget cutbacks hampered organizations and IT departments in other ways. Among the respondents, 60% said that their companies deferred planned investments in security technology, with 68% in the US and 51% in the UK.

"Companies are grappling with the security fallout from an unexpected shift to remote work, but it's business as usual for cybercriminals and foreign adversaries with unprecedented opportunity," Steve Moore, chief security strategist at Exabeam, said in a press release. "The rise in attempted cyberattacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic."

The abrupt shift to remote working played into the stress and strain felt by many IT and security teams. Some 49% of the respondents pointed to distractions in the home as a key obstacle. Others cited such challenges as navigating the line between work and personal computers, the learning curve involved in new tools such as SaaS (Software as a Service) applications, and a false sense of security or privacy. Overall, these issues were greater for those in the US than for those in the UK.

"We suspect that these country-level differences stem from the UK's consumer privacy legislation being much more mature than in the US, which virtually has no similar regulations in place," Moore said. "This could lead to UK responders feeling more secure in this remote world, as their country has done the work to have a program in place."

To help organizations and IT staffers better handle security amid the shift to remote working, Exabeam offers the following resources:

Also see