grandeduc - Fotolia
With enterprises today spending on average slightly more than a tenth of their IT budgets on cybersecurity (according to a 2020 Accenture report), it's safe to say that digital safety is no longer a niche concern for most organizations. As someone who has long been at the forefront of enterprise-level cybersecurity initiatives -- and as someone who has consistently lobbied, although not always successfully, for stronger safeguards and greater organizational awareness around digital risks -- I find this trend to be particularly encouraging. Trust me, businesses stand to see considerable return on these investments, too.
But in the meantime, especially since the onset of our still-unfolding global pandemic, there remains critical work to be done. In recognition of Cybersecurity Awareness Month, I want to outline a few emerging threat vectors -- and underscore why providing the highest level of security for customers and stakeholders should be top of mind for organizational leaders today.
Why double down on cybersecurity right now?
As with many threat vectors, this amounts to a pure numbers game. Think about it: The shift to remote work en masse means your employees are spending more time in front of digital touchpoints than they ever have before. In the eyes of malicious actors, that's an exploitable opportunity. Consider the following, for example:
- The FBI recently announced that it's fielding as many as 4,000 cybersecurity-related complaints per day, a 400% increase on pre-COVID-19 levels.
- Meanwhile, some companies have experienced as much as five-fold increases in the volume of cyberattacks since the onset of COVID-19. Not surprisingly, phishing scams remain a major threat for large organizations.
- As new ways of working have emerged, so have the strategies deployed by malicious actors in turn. One study, for example, which evaluated more than 1,500 Zoom-related domains registered in recent weeks, classified at least 4% of them as "suspicious" or "malicious." These risks need to be on the radar for forward-thinking leaders.
Where is COVID-19 impacting cybersecurity?
I've broadly outlined why cybersecurity should be an organizational priority today, but specifically COVID-19 has given rise to new cybersecurity challenges. According to a recent survey from Ernst and Young, the following areas have been foremost:
- remote working (71%)
- budget restrictions (41%)
- network overloads (40%)
- reduced staffing levels (37%)
For CISOs, each of these areas present distinct (and distinctly new) cybersecurity risks and challenges. All things considered, they give some indication of just how radically our world of work has undergone a "reset" since the onset of the global pandemic. That fact, as much as anything else, should be a clear mandate to further challenge our approaches to cybersecurity, too.
Where should you prioritize investment?
On Microsoft's most recent earnings call, CEO Satya Nadella observed that COVID-19 has driven "two years' worth of digital transformation in two months." No doubt Nadella was speaking from the standpoint of digitally driven innovation, but the same holds true for malicious actors. Make no mistake: Their capabilities have grown by leaps and bounds, as well.
That, in turn, is changing the game when it comes to organizational priorities around digital risks. According to one recent report, for example, the following five areas are the most heavily invested in by companies right now:
- identity and access management
- risk and compliance management
- data loss prevention
- unified threat management
Security preparation is not a one-size-fits-all strategy. The fact is that these investment priorities must be weighed against the specific threat landscape of your company and industry. It's probably a good idea to simultaneously reassess your overall risk appetite in the context of COVID-19, too.
Time to take action
As I hope to have made clear in this article, our fast-changing threat landscape is something that organizational leaders simply must be aware of. Now is the time to take action, and to act strategically, in order to mitigate a minefield of potential and emerging IT threats. I encourage CISOs everywhere to take advantage of Cybersecurity Awareness Month as an opportunity to begin, and even continue, having these important conversations.
About the author
Tami Hudson is the chief information security officer for Randstad North America. A specialist at building and maturing security programs and frameworks -- as well as using IT security as a business enabler -- Hudson has spearheaded IT solutions for some of the world's most prominent companies. She has a range and depth of experience and is well-versed in several sectors, from human resources to consumer goods, financial services and more. Hudson earned her B.S. from Georgia Institute of Technology and her MBA from Duke University.