COVID-19 pandemic shifts security spending priorities

They say it’s truly an ill wind that doesn’t blow some good and from a cybersecurity perspective, the COVID-19 pandemic is no exception. Like everyone else, cybersecurity professionals would just as soon not have had the pandemic occur at all. However, as organizations transitioned to working from home along with more aggressively embracing digital business transformation, there appear to be some cybersecurity shifts for the better starting to manifest themselves. 

A survey of nearly 800 business leaders from companies that have more than 500 employees in India, Germany, the United Kingdom, and the United States conducted by Microsoft finds 80% have increased the size of their cybersecurity staffs by either hiring (40%) or by outsourcing tasks to external service providers (40%). 

At the same time, 58% report they have increased their cybersecurity budgets, with 22% citing budget increases in excess of 25% compared to what they were spending prior to the pandemic. Most of that spending has been focused on multifactor authentication (20%), endpoint device protection (17%), anti-phishing tools (16%), virtual private networks (14%), and end-user training (12%). 

Going forward through the rest of this year the top priorities are cloud security (39%), data and information security (29%), network security (27%), anti-phishing tools (26%) and endpoint detection and response (22%). Well over half (59%) said they are now moving toward implementing zero-trust architectures across their IT environments (59%). 

The survey also confirms there has been a spike in phishing attacks, with 90% indicating that phishing attacks have impacted their organization. A total of 28% admitted that attackers had successfully phished their users. 

Less clear is to what degree this increased spending on cybersecurity will last. A full 81% report feeling pressure to lower overall security costs. In the wake of the economic downturn brought on by the pandemic many organizations are trying to determine what level of spending on cybersecurity is sustainable. As always, IT and cybersecurity leaders will feel pressure to do more with less. 

On the plus side, however, appreciation for IT general, and cybersecurity especially, has never been greater. The challenge is finding a way to maintain it once the current crisis subsides. Business leaders are easily distracted each time some new crisis emerges, so IT and cybersecurity leaders need to focus on keeping their attention as much as possible on cybersecurity now that they have. That may be easier now because there’s going to no going back to the way things were before the pandemic. 

Like it or not, most employees will not be spending most of their time working in the office ever again. Digital workspaces that enable employees to work consistently from anywhere will be the new normal.  In some cases, there might not even be an office to return to at all. Some organizations have discovered they really don’t need one to operate. One of the reasons there is so much interest in zero-trust architectures because IT both business and IT leaders have come to realize there simply is no perimeter to hide behind anymore. 

As always, it’s the best and worst of cybersecurity times. IT professionals can look forward to telling tall tales about the bad old days of cybersecurity when nobody cared. It may, however, also take some getting used to the fact that right or wrong now everybody suddenly has a cybersecurity opinion.

By Mike Vizard | Source: Barracuda