As the UK turns its attention to recovery from the COVID-19 pandemic and enters a new way of working, new research from SCC suggests businesses are prepared to tackle the enhanced challenge of IT security head-on, despite the coronavirus crisis offering up new opportunities for would-be cyber criminals.
According to SCC’s latest IT Insights Survey, a series commissioned by SCC to gain valuable insight into the UK IT market, in which we surveyed 550 IT decision-makers from 11 different sectors about the impact of COVID-19 on IT security, 87% of respondents believe their organisation’s leadership team is committed to the adoption of security across the IT estate. Interestingly, there is no change in the proportion of IT decision-makers reporting this since before the COVID-19 pandemic hit, highlighting a determination and resilience to meet new IT security challenges despite shifts in focus on priorities applicable to almost every organisation. Endless Challenges The ‘new normal’ brings endless challenges for IT security teams. Some of these have resulted in a shift in long-term focus and priorities, as organisations play catch up with proper governance and adoption of new technologies, deployed quickly in response to COVID-19. Others are more urgent – in particular the protection of IT systems from hackers who seek to take advantage of vulnerabilities caused by the pandemic with millions of new targets. However, faced with the challenge of enabling immediate and widespread homeworking in order to maintain business as usual, it would have been all too easy to remove security control as an enabler for speed. This is the wrong strategy and with 87% of IT decision-makers reporting their leadership teams are as committed now as they were pre-COVID-19 to the adoption of appropriate IT security, it appears the right strategies are being put in place. We have seen an unprecedented increase in phishing attacks which are becoming more targeted and more sophisticated. To minimise threats it is imperative that strong password policies are enforced for all users and organisations to provide education to all users on what phishing emails look like and ensure Multi Factor Authentication (MFA) is turned on to minimise brute force attacks. If MFA is not currently in place then organisations really need to look at adopting it. AI-powered cyber attacks are now prominent. Hackers are using artificial intelligence to create programs that mimic known human behaviours. They can then use these programs to trick people into giving up their personal or financial information. The need for commitment As the COVID-19 pandemic has developed, the seriousness of the threat to IT security has become obvious to all, including senior leadership teams. This perhaps explains why SCC’s IT Insights Report for IT Security finds no decrease in commitment to IT Security from senior leadership teams, as now more than ever it’s critical to prioritise what you must do to stay secure during the COVID-19 outbreak and beyond. Due to the increase in remote working, the endpoint is becoming the first entry point target for cyber attacks and organisations are looking at securing these as priority. It is important organisations don’t just rely on traditional anti virus but move towards an end point detection and response (EDR) solution to alert and remediate on malware, ransomware and indicators of compromise (IOC’s). Email security is another area susceptible to outside threats. To reduce the risk of phishing and impersonation attacks it is important to be able to detect, contain and automatically remediate threats inside the email perimeter from internal cyber threats. Security Information and Event Management (SIEM) can be implemented to provide a single pane of glass view to allows real time visualisation and motoring to identify any security threats coming across the organisations network and infrastructure. Due to lack of resource as organisations could have staff on furlough they are looking externally to provide this as a managed service. Zero Trust is the concept that identity sits at the heart of what we do. With remote working now the norm, organisations are looking to enforce policies such as single sign on, Multi Factor Authentication. In addition identity governance is key which allows for automation on the joiner / mover / leaver process and ensures employees only have access to the data and applications relevant for their role. SCC’s works in partnership with our customers to identify their threat level and walk them all the way through the journey, from start to end, with an understanding that IT security is an on-going, ever evolving journey. To SCC, COVID-19 is merely the latest significant event that has changed the current threat landscape for all businesses. Next year, there will be a new threat and once again organisations will need to adapt in order to remain secure. Our IT security solutions fit within business strategies, often opening up new opportunities for better ways of working, quickly and at scale – ideal for responding to unforeseen incidents such as the COVID-19 pandemic. Find out more about SCC’s security solutions here
. If you would like to have a chat about your IT security needs, then please complete the form below:
How we might use your information
Related articles: SCC Security Brochure – Managing the security impact of COVID-19 IT Security: 6 ways to protect your business from within IT security priorities in the aftermath of COVID-19 IT Security: The long-term view post-COVID-19