How IT leaders were unprepared for the security challenges posed by COVID-19

The top three challenges cited in a Tanium survey were identifying new computing devices, overwhelmed IT capacity due to VPN requirements, and increased risks from video conferencing.


Many organizations had already been preparing for a greater shift to remote working before the coronavirus pandemic struck. But the fast spread of the virus and the resulting lockdown sped up those plans beyond most expectations. As a result of the transition, organizations have had to contend with unanticipated security threats. A report published Wednesday by security firm Tanium describes how IT leaders were surprised by the security threats and challenges they've had to face in the wake of COVID-19.


Based on a survey of more than 1,000 CXOs in the US, UK, France, and Germany, Tanium's report entitled "When the World Stayed Home" found that 88% of the respondents said they felt ready to shift to a fully remote workforce. However, a full 96% admitted that they were caught off guard by the security challenges that arose within the first two months of the lockdown.

Asked to identify the top challenges they've faced, 27% cited the struggle to identify new personal computing devices on the network. Almost half of the respondents said that their organizations would return to normal by prohibiting personal devices on the network as a way to reduce risks.

Next, 22% of those surveyed pointed to overwhelmed IT capacity due to VPN requirements as a major challenge. VPNs that fail to work consistently impact the rollout of patches and force IT staffers to sidestep the routing of employee traffic through their organization's security measures.

The third key challenge, cited by 20% of the respondents, was increased security risk from video conferencing. In many cases, conferencing tools that are quickly adopted may not meet enterprise security standards. Zoom, in particular, is one popular virtual meeting application that has been beset with critical security flaws.

Patching in general has emerged as another challenge as 88% of those surveyed said they've run into trouble keeping devices updated with software patches. Some 43% said they had difficulty patching the personal devices of remote workers, while 45% said they were able to scan and patch network devices but were unable to keep track of how many devices had been patched.

For a quarter of the respondents, finding and patching vulnerabilities has taken a backseat during the pandemic. Many deprioritized this task due to overloaded VPNs and a lack of visibility into endpoints. But such a decision couldn't come at a worse time as cybercriminals have been busier than ever looking for weaknesses in VPNs and other remote work technologies.

Other security tasks have fallen by the wayside. A full 93% of the respondents said they had to cancel or postpone certain security priorities to deal with the shift to remote working. The top two kinds of projects that have been canceled or delayed are identity and access management and security strategy.

The abrupt transition to remote work and the failure to shore up security vulnerabilities have provided cybercriminals with open and inviting targets. Some 85% of the CXOs surveyed said they've seen an increase in cyberattacks since the start of the pandemic. The most common types of attacks witnessed have involved data leaks, business email compromise (BEC) or transaction fraud, and phishing campaigns.

Looking toward the future, 85% of the respondents said they think the negative effects of operating during the pandemic will last at least three more months; 33% predicted it would linger for another six to 12 months. To deal with the ongoing impact, most IT leaders plan to combat the most critical challenges of supporting a remote workforce.

Among those surveyed, 70% said they'll make cybersecurity the top priority for remote work. Some of the specific goals will be to meet compliance requirements, manage cyber risk, and balance risk with the privacy of employees. 

Further, as employees start to return to the office, IT leaders are eyeing greater focus on endpoint management to increase the visibility of IT assets, improvements to patch management, cloud computing to decentralize IT, and zero trust models to reduce the reliance on VPNs.

"The almost overnight transition to remote work forced changes for which many organizations were unprepared," Tanium's chief information security officer, Chris Hodson, said in a press release. "It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyberattacks and critical vulnerabilities has made it apparent that we're still far from an effective strategy for the new IT reality."

Moving forward, greater visibility into network devices and other assets is a key part of any strategy.

"Whether companies choose to permanently move their operations remote, return employees to the office, or some combination of both, one thing is clear: The edge is now distributed," Hodson said. "IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organizations have visibility of computing devices in their IT environment."

Conducted by research company Censuswide, Tanium's survey reached 1,004 CXOs and VPs (CEOs, CIOs, CTOs) in companies with 1,000+ employees in the US, UK, France and Germany between May 29, 2020 and June 6, 2020.
