New poll suggests enterprises should harden systems against unconventional attack vectors

October 29, 2020

SafeGuard Cyber announced the results of a new survey of 600 senior enterprise IT and security professionals. Companies surveyed ranged in size from $100M to more than $1BN in revenue.

SafeGuard Cyber’s Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace wrought by COVID-19 pandemic. Respondents were asked to effectively grade their adaptations to date, articulate what gaps still exist, and how they are planning for the future. Fully 31% of respondents reported their entire business process has changed and is still evolving, while 26% said they’ve rushed certain projects that were scheduled for later.

The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies. Moreover, enterprise organizations are juggling the twin demands of budget constraints and the need to drive business outcomes.

Key findings include:

There is a significant disconnect and tension between the perceived security and compliance needs and the level of organizational planning. Despite perceived digital risk around unsanctioned apps, ransomware attacks, and securing various tech stacks, only 18% of respondents cite security as being a board-level concern.
57% of those surveyed cited internal collaboration platforms, like Microsoft Teams and Slack, as the tech stack representing the most risk, followed closely by marketing technologies (41%).
1 in 4 respondents cite Executives’ personal social media as being an area of risk.
The biggest security and compliance challenge is the use of unsanctioned apps (52%), followed by trying to monitor business communications in multi-regional environments (43%), suggesting global enterprises are seeing more friction in adapting processes to the new post-COVID digital workspace.
When it comes to purchasing new technology, 59% cite budget as the top concern, followed very closely by “impact on business outcomes” like revenue growth and agility (56%). Enterprises are juggling the twin demands of budget constraints and the need to drive business outcomes.

“We all know the pandemic has had a seismic impact on businesses, but we were still surprised to learn how vulnerable organizations feel about the digital communications they’ve had to adopt rapidly,” said Jim Zuffoletti, CEO and Co-founder, SafeGuard Cyber. “Bad actors typically migrate to where the action is, so it makes sense digital channels are more likely to be targets than ever before. Surprisingly, marketing technologies have moved up on the list of exploits, and we’re seeing more and more attacks on organizations’ executive leaders.”

“It’s telling that budget and business impact are top of mind when buying new technologies,” said Otavio Freire, CTO and Co-founder, SafeGuard Cyber. “As business look to 2021, leaders will need security controls that enable rather than block new communication channels in order to sustain growth. With the pandemic’s disruption to fundamental operations, simply saying ‘no’ to channels like WhatsApp or Slack is no longer an option. It’s the way business gets done.”

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.