A new survey from Bitdefender revealed that 50% of infosec professionals did not have a contingency plan to face a situation like the COVID-19 pandemic. The survey “The Indelible Impact of COVID-19 on Cybersecurity” stated that lack of forward planning from organizations resulted in a surge of cyberthreats, with 86% of infosec professionals admitting that attacks in the most common attack vectors were on the rise during the pandemic.
“Cyberwarfare and IoT as an attack vector were reported to be up by 38%, and APTs and cyber espionage IP theft and social media threats/chatbots by 37% — all of which could be an indication of a bumper year for breaches,” the report said.
According to the report, 81% of security professionals believed that COVID-19 will change the regular business operations. The survey found that phishing attacks (26%), ransomware (22%), social media threats/chatbots (21%), cyberwarfare (20%), Trojans (20%), and supply chain attacks (19%), rose during the pandemic. 1 in 3 (34%) of respondents said that they fear that employees are feeling more relaxed about security issues because of their surroundings. Nearly, 33% of respondents reported that employees not sticking to protocol, especially in terms of identifying and flagging suspicious activities.
While 33% of respondents are concerned about their colleagues may fall prey to attacks, 31% cited that the heightened risk of a data breach was caused by unsuspecting employees. 25% of respondents were worried about bad actors targeting remote workforce with malware and ransomware attacks.
Industries Under Attacks
According to the report, the financial services (43%), health care (including tele medicine) 34%, and the public sector (29%) are the hardest hit industries during COVID-19 outbreak, followed by retail (22%), energy (20%), and education (18%). Around 77% of infosec professionals believed that health care was not effectively prepared due to budget constraints.
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender, said, “At least half of organizations admitted they were not prepared for a scenario such as this, whereas the attackers are seizing the opportunity. But within the current situation there is a great opportunity for positive change in cybersecurity. In cybersecurity with high stakes around monetary and reputational loss the ability to change, and change rapidly, without increasing risk is critical. With COVID-19 changing the business landscape for the foreseeable future security strategy has to change. The good news is that the majority of infosec professionals have recognized this need for rapid change, although forced by current by circumstances, and have started taking action.”