Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/16/2020
04:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Most Organizations Plan to Make COVID-19 Changes Permanent

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

A clear majority – 83% - of C-level executives say the many operational shifts made during the pandemic will remain in place even after the COVID-19 pandemic ends.

Michael O’Malley, global vice president of marketing and strategy at Radware, says during the pandemic companies had to focus on making the network resilient, adjust to the remote contactless economy (home food shopping, restaurant deliveries), and future-proof their organizations for any disruptions in the years ahead.

"All of these activities will continue after the pandemic," O'Malley says. "The survey showed that the pandemic was a big shock to the system and it accelerated many trends. Companies will also be focusing on IT capacity such as product development and spending on IT security."

Related Content:

COVID-19-Related Attacks Exploded in First Half of 2020

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: 5 Security Lessons Humans Can Learn From Their Dogs

The research, conducted by Enterprise Management Associates on behalf of Radware, points heavily to companies across vertical sectors focusing on resiliency – the ability to keep the business going, the network up, human errors down, and grow the business during the pandemic.

More than any other sector, 83% of the retail/ecommerce respondents were making their IT infrastructures more resilient via hybrid or multi-cloud adoption and 80% via automation. For telco/service providers, 74% were focused on resiliency, with 76% by automation; and 69% of financial services companies keyed-in on resiliency, with 79% via automation.

"The focus on automation shows that as a part of resiliency, companies were trying to reduce human errors," O’Malley says.

The survey also found that roughly half of the respondents say changes made regarding headcount, processes/applications, real estate assets, and budgets are now permanent. Some 95% of respondents say their physical locations were affected by the lockdown to some degree, and by 2022 more than 50% of employees will continue working remotely.

IDC reports similar numbers on the work-from-home front. According to the research firm, 6% of staffs worked from home pre-COVID, 53% worked from home during the height of the pandemic, and roughly 30% will work from home by 2021.

"Companies made a tremendous push to roll out VPNs and remote desktops once the pandemic first hit," says Frank Dickson, a program vice president who covers security at IDC. "I think now we've gotten to a point where most companies can focus on security. They realize that for people who only use Office 365, they may not need to give them full VPN access; they can have them authenticate through a passwordless option."

Creating Security Gaps

The Radware survey also shows some significant security gaps that resulted from the rapid move to work-from-home.

"Companies were never set up for this level of work-from-home activity," says Raghu Thummisi, cybersecurity market strategist at Radware. "Many were racing against time to build in security controls. We found that there were clear winners and losers. The move to the cloud was a much easier lift for the companies that had already made the migration. The companies that were mostly brick-and-mortar had a much harder time."

O'Malley says the data shows that companies were really stressed. Some 50% of companies were not confident in the organization's ability to protect against unknown threats, and 30% reported an increase in attacks at the start of the pandemic. In addition, 35% of the attacks experienced by the respondents required an incident response process, and 69% spent more than half of their time on network security-related discussions of issues.

The pandemic also accelerated migration to the cloud, Thummisi says, which exposed companies to some unforeseen security issues. Some 76% of survey respondents say the pandemic accelerated their cloud migration and while nearly one-third say attacks have increased, another 32% also say they are relying on third-party providers (both public cloud providers and MSSPs) to secure their digital assets.

"We found that companies don't always have a full understanding of the shared responsibility model with public cloud providers," he says.

When they roll out a development environment, for example, they don't always realize that they are responsible for taking down that test environment. "While the cloud makes it easier to spin up test environments, companies still have to validate and take down the environment," he says. "Companies need to be careful not to leave these environments open to attack."

IDC's Dickson, meanwhile, says he thinks companies understand the shared responsibility model, but that developers in many enterprises are not incentivized to build in security.

"App developers are focused on getting the application up, functional, then operational, there's usually not a security metric built in there," Dickson says. "Security has to be a priority and companies need to set up the systems, processes and incentives to make that happen."

 

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20733
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-20734
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2021-20735
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
CVE-2021-20736
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
CVE-2021-20737
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.