The COVID-19 pandemic has had an immediate and dramatic impact on IT teams around the globe, and its long-term effects are still evolving. The 2021 Thales Data Threat Report study looked at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touched on issues ranging from COVID-19 and work-fromhome (WFH) strategies to quantum computing.
Majority of businesses still have remote working cybersecurity concerns one year into the pandemic, finds Thales.
– Four in five (82%) businesses remain concerned about the security risks of employees working remotely, despite many exploring potential hybrid working models
– Nearly half (47%) report an increase in the volume, severity, and/or scope of cyber-attacks in the last 12 months
– Of those who have ever experienced a breach, 41% had it happen in the last year, almost double the number (21%) compared to 2019
– Retailers are most at risk, with 61% experiencing a breach or failed an audit in 2020, raising concern for suppliers and consumers alike
Despite being over a year into remote working and looking ahead to likely shifts to hybrid remote/in-office working models, four fifths (82%) of businesses still remain concerned about the security risks of employees working remotely.
This is just one of the key insights from the 2021 Thales Global Data Threat Report, a commissioned study conducted by 451 Research, part of S&P Global Market Intelligence, which reveals that managing security risks is undoubtedly getting more challenging, with nearly half (47%) of businesses seeing an increase in the volume, severity, and/or scope of cyber-attacks in the past 12 months.
Attacks On The Rise
In fact, of those who have ever experienced a breach, two in five (41%) happened in the last year. This number has nearly doubled from 21% in 2019, marking a significant shift in the threat posed.
Globally, malware (54%) is the leading source of security attacks, followed by ransomware (48%), and phishing (41%). Yet, when it comes to how attacks occur, the message is clear: internal threats and human error are still of great concern to industry. A third of businesses stated that malicious insiders (35%) and human error (31%) are the greatest risks to them, followed by external attackers (22%).Despite the increased risk remote working has posed to enterprises throughout the pandemic, nearly half (46%) of businesses report that their security infrastructure was not prepared to handle the risks caused by Covid-19. In fact, only one in five (20%) of organisations believe it was very prepared.
Multiple Industries at Risk
This lack of protection is affecting some industries more than others it seems, with just under two thirds (61%) of retailers surveyed experiencing a breach or failing an audit involving data and applications stored in the cloud in the past year – the most of any industry surveyed. Over half of organisations in the legal (57%), call centre (55%), transportation (54%), and telecommunications (52%) sectors also suffered the same fate in the last 12 months.
Multicloud Complexity Increases Risks
As increases in attacks continue, businesses are turning to the cloud to store their data in this digital-first world. Half (50%) of businesses report that more than 40% of their data is stored in external cloud environments. Despite this, only 17% of businesses have encrypted at least half of their sensitive data stored in the cloud. On top of this, complexity is an increasing issue, with many respondents now using at least two PaaS (Platform as a Service) providers (45%) and/or two IaaS providers (Infrastructure as a Service). A quarter (27%) of businesses are currently using more than 50 SaaS (Software as a Service) apps.
Companies are recognising the issues they are facing and are attempting to address them with Zero Trust strategies. More than three quarters (76%) of respondents’ cloud strategy reportedly rely to some degree on Zero Trust security. Almost half (44%) of respondents selected Zero Trust network access (ZTNA)/software-defined perimeter (SDP) as the leading technology to invest in during the pandemic. This was followed by cloud-based access management (42%) and conditional access (41%). In fact, a third (30%) of global respondents claim to have a formal Zero Trust strategy and, interestingly, those with a formal Zero Trust strategy are less likely to also report having been breached.
However, despite businesses making moves to stop current threats, worries are growing about future challenges on the horizon. Looking ahead, 85% of global respondents are concerned about the security threats of quantum computing, a threat arguably exacerbated by the increasing complexity of cloud environments.