Microsoft has released new data to show how the pandemic is accelerating the digital transformation of cybersecurity. According to the data, 58% of respondents report that they have increased their security budgets due to COVID-19, 82% plan on adding more security staff, and 81% feel pressure to lower security costs.
“The role of security in remote work is having a direct impact on security budgets and staffing in 2020 as businesses scale existing solutions, enabling critical new capabilities like MFA, and implement a Zero Trust strategy,” Andrew Conway, general manager of security at Microsoft, wrote in a post.
Additionally, the data found COVID-19 has lead to two years-worth of digital transformations.
Hiring in a remote-first world
New challenges and greater demands for cybersecurity
“Microsoft Threat Intelligence teams reported a spike in COVID-19 attacks in early March as cybercriminals applied pandemic themed lures to known scams and malware,” Conway explained.
In that same time frame, business leaders reported phishing threats as the biggest risk to security. Ninety percent of the respondents indicated that phishing attacks impacted their organization and 28% indicated that attackers had successfully phished their users.
Notably, successful phishing attacks were reported significantly higher from organizations that described their resources as mostly on-premises with 36% on-premises and 26% in mostly cloud based architectures.
“For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, got exposed early on in the pandemic,” Conway wrote. “This paradigm shift has been most acute in the limitations of basic username/password authentication.”
That’s why multi-factor authentication was the largest cybersecurity investment since the beginning of the pandemic, followed by endpoint device protections, anti-phishing tools, VPNs, and end-user education, according to the data.
The pandemic has already changed the way organizations approach cybersecurity in the long-term, Microsoft explained.
Companies were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.
Also, the zero-trust model became one of the top business priorities in the early days of the pandemic with 51% of businesses speeding up the deployment of zero-trust capabilities.
“The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey,” Conway stated.
Also, diverse data sets mean better threat intelligence as was demonstrated when automated tools and human insights helped to identify new COVID-19 themed threats before they reached customers – sometimes in a fraction of a second.
Lastly, the cloud is a security imperative with cyber resilience a key priority to regularly evaluate the risk threshold and the ability to execute cyber resilience processes through a combination of human efforts and technology products and services, according to Microsoft.