The COVID-19 pandemic has put a rocket behind the shift towards cloud-based security, as workers have moved en masse from the office to home.
Businesses face the challenge of providing secure remote access to resources, apps, and data, while attempting to keep costs down.
And as a result, according to a new survey from Microsoft, organizations are accelerating their moves towards zero trust strategies – allowing access to information only for those who require it at that moment – and multi-factor authentication.
The company surveyed nearly 800 business leaders of companies of more than 500 employees in India, Germany, the UK, and the US, asking their views on the pandemic threat landscape, the implications for budgets and staffing, and their thoughts on how the pandemic could reshape cyber-security long-term.
The survey confirmed that an ‘alarming’ number of businesses are being hit hard by phishing scams.
“Microsoft Threat Intelligence teams reported a spike in COVID-19 attacks in early March as cybercriminals applied pandemic themed lures to known scams and malware,” says Andrew Conway, general manager, Microsoft Security.
Phishing threats were reported as the biggest risk to security, with 90% of business leaders saying they’d been affected. More than half said clicking on phishing emails was the highest risk behavior they observed, and nearly three in ten admitted that attackers had successfully phished their users.
“Notably, successful phishing attacks were reported in significantly higher numbers from organizations that described their resources as mostly on-premises – 36% – as opposed to being more cloud-based,” says Conway.
More than nine in ten respondents said they were in the process of deploying new zero trust capabilities to some extent – and, thanks to the pandemic, more than half are speeding up these efforts.
And all this is putting pressure on budgets. While 58% of business leaders reported budget increases for security and 65% for compliance, 81% also reported feeling pressure to lower overall security costs.
This is borne out by a recent survey from McKinsey. Many budgets for this year were allocated long before the pandemic was even a distant threat.
McKinsey found that 70% of CISOs and security buyers believe budgets will shrink by the end of 2020 – although they plan to ask for significant increases in 2021.
In the meantime, says McKinsey, dealing with the increased threat from the pandemic is expected to limit spending on other concerns, such as compliance, governance, and risk tools. For corporate security-operations centers, budgets for more advanced threat-intelligence upgrades, behavioral analytics, and other tooling could fall.
Many changes, though, will be long-lasting, Microsoft believes. Homeworkers won’t be going anywhere any time soon, and, says the firm, the cloud and zero trust architecture will eventually become the industry standard.
“The cloud is a security imperative,” says Conway. “Where people often thought about security as a solution to deploy on top of existing infrastructure, events like Covid-19 showcase the need for truly integrated security for companies of all sizes.”