Survey methods and respondent profiles
This report contains the results of the Cyber Security Hub Survey, conducted in May and June 2020 among our subscribers, to compare actual results for H1 2020 with expectations for H22020. The largest segment (41%) of respondents describes their job as cyber security, a balanced representation of enterprise cyber security. The next largest segment is IT (27 percent) and corporate management (9 percent). Qualified respondents were truly cross-industry from automotive, education, financial services, government, healthcare/life science, manufacturing, media/telecommunications, retail/consumer packaged goods (CPG), technology, travel/hospitality, and utilities/oil and gas/energy.
Pandemic dynamics
This mid-year survey revealed potentially alarming answers to our questions about global pandemics. Questioned, “Has the global pandemic or an increasingly remote workforce changed your approach to security?”, 40% said no.
Your approach to security has changed due to the global pandemic and a remote workforce.
A global pandemic has not affected the security approach of two out of five cybersecurity companies. It is alarming that such a high percentage of CISOs still need to change their cyber security approach due to the global pandemic, which has forced us to adopt a new workforce structure.
The pandemic has changed the cyber security landscape:
- The use of network infrastructure has changed
- The endpoints of the test have changed
- Access management has changed
- The collaboration tools have changed
- Insider threat is a concept that has evolved
- No matter where you are in your cloud migration, the enterprise cloud infrastructure has become.
- The data in transit has been altered
- The threat vectors are changing
- Vulnerability Management has Changed
- Cybercrime has changed
Why did 40% of the cyber-security community keep its approach the same?
A significant part of the community has a sluggish mentality. The reduction in staff in response to the financial pressures placed on the companies during the pandemic is also concerning. The potential for an insider threat to turn into a dangerous external threat was now possible.
Is your IT/Security team reduced due to the pandemic?
When asked by Cyber Security Hub about the 19% unemployed DevOps/DevSecOps Community, Parag Deodhar (director of information security for Asia Pacific at VF Corporation) said: “When people don’t have enough food, money or resources, more actors will come up.” Deodhar also explained that the pandemic had expanded the threatscape, meaning that the landscape was opened up to people and pushed them toward cybercrime.
Jamal Hartenstein has extensive experience working with all branches of the military and the Department of Defense. He has also worked on military bases in joint task forces.
When asked about his perception, he explains: “If you don’t increase your security measures you are exponentially multiplying the risk in magnitudes based on the threats, vulnerabilities, and risks.”
Cyber security: Changing the mindset
We asked respondents to describe how their cyber-security approach had changed. This is a sampling of their answers:
- Cyber security teams that work remotely
- Implementing a Zero-Trust Network Strategy to improve network security and scalability
- Add contractors and outsourcing.
- Cyber security in the context of pandemics: Rethinking the strategy
- Adapting to environmental, operational, and business changes
- Monitor all situations constantly to understand issues and concerns.
- Increased system auditing, online training, and awareness programs
- Changed awareness and training programs to accommodate changes in workplace practices, such as remote working. remote working
- Focus on the support needed for remote workers and ensure that safety is a priority when employees return to the office.
- Adapting to the fact that most endpoints now are remote ensures their security.
- A greater focus on messaging and content to resonate with remote workers-emphasize the security controls that protect mobile workers and remote workers
- Mobile and critical infrastructure security: enhancing the protection of both
- Multi-factor authentication is being used more and more.
- Cloud-based protection is more critical to protect home-based workers.
- Combating the increasing difficulty in identifying and resolving issues remotely
- DevSecOps: more expertise and a focus
- Automation is used more to detect control changes. This means we will be automatically notified, respond to the incident and address it, analyze it, and rectify the control.
- IT costs can be reduced by eliminating unnecessary expenditures and services not used.
- Additional user training and simulated Phishing campaigns
- We constantly update our security strategy and actively monitor threats to ensure we are always prepared for new challenges.
- Data leakage can be prevented by stricter compliance with minimum security requirements.
- Reduce the time it takes to respond to incident reports generated by security and threat intelligence software.
In 2021, 40% of the cyber-security community will say they have kept their mentality the same in response to the global pandemic. Meanwhile, 20% of the top cyber-security talent has been made redundant. Unsurprisingly, 67 percent of the cyber-security community said their budgets are decreasing or remaining the same.
Budget for cyber security was reported to be decreasing or remaining the same between May 2019 and June 2020
Over two-thirds of cyber security experts said their budget would remain the same or decrease in July 2020. However, 59 percent had reported increased funding for the Mid-Year Market Report 2019, only one year earlier. The pandemic has had a significant impact on cyber Spending.
As a result of the increasing number of cyber attacks, and the global pandemic, one would expect that budgets for cyber security would rise to combat the problem. However, 62 percent of those in the cyber-security community disagree, expecting budgets to decrease or remain the same.