The normal amount of fatigue understaffed cybersecurity team experience is increasing significantly as the number of alerts cascading through multiple security platforms continues to increase in the wake of the COVID-19 pandemic.
With more employees working from home the number of cybersecurity incidents that need to be investigated has naturally increased. However, a global survey of 600 enterprise IT security professionals conducted by the research firm CyberEdge Group finds 73% of respondents have seen elevated third-party risks amongst their partners and suppliers. More than three in four (77%) are seeking technologies to help automate third-party risk management, with 43% reporting they increased investments in this area.
With more employees working from home across highly distributed supply chains, the number of alerts cascading through multiple security platforms has become overwhelming, the report finds. Each supplier and partner is generating more security alerts than ever across the supply chain because each organization has employees working from home. Those alerts are aggravating a chronic longstanding cybersecurity issue. The report notes that more than half of respondents (53%) said cybersecurity teams were already understaffed before the pandemic began.
On the plus side, the report notes 54% of those surveyed increased by 5% on average their IT security operating budgets mid-year. Only 20% of enterprises reduced their overall IT security spending as a consequence of the economic downturn brought on by the pandemic. However, more than two-thirds of enterprise security teams (67%) were forced to temporarily reduce personnel expenses through hiring freezes (36%), temporary reductions in hours worked (32%), and temporary furloughs (25%). Only 17% were forced to lay off personnel.
Over three-quarters of respondents (78%) said IT security professional certifications have made them better equipped to handle pandemic-related challenges.
Next year budget prospects look brighter, with nearly two-thirds of respondents (64%) of organizations plan on average to increase their security operating budgets by 7%, the report finds. Organizations plan to increase their security training and certification budgets by an average of 6%, the report also finds.
The survey finds an average of 24% of enterprise workers had the ability to work from home on a full-time, part-time, or ad hoc basis prior to the pandemic. Now, survey respondents report 50% of employees on average can work from home. Interestingly, a full 81% of IT security professionals report enjoying working from home. Once a COVID-19 vaccine is developed and the pandemic is over, 48% would like to continue working from home part-time while a third (33%) would like to work from home full-time.
The top three challenges cited by survey respondents are increased volume of threats and security incidents, insufficient remote access / virtual private network (VPN) capacity, and increased risks stemming from unmanaged devices.
The survey suggests that in response organizations are increasingly turning to the cloud to manage security. Three-quarters of survey respondents (75%) indicated an increased preference for cloud-based security solutions. As more workloads shift to the cloud the top three technology investments to address pandemic-fueled challenges are cloud-based secure web gateway (SWG), cloud-based next-generation firewall (NGFW), and cloud-based secure email gateway (SEG).
Organizations are also investing in antivirus (AV) software, mobile device management (MDM) tools and network access controls, the report notes.
The survey makes it clear cybersecurity teams for better or worse are adjusting to the new normal. Less clear is to what degree those efforts will be successful as cybercriminals make their own adjustments in the age of COVID-19.