Over 90% of global organizations were forced to delay key security projects as they transitioned to remote working earlier this year and many stopped patching, exposing themselves to cyber-threats, according to Tanium.
The unified endpoint management and security vendor polled 1000 CXOs to better understand how the pandemic has altered the risk landscape.
It revealed that identity and asset management (39%) and security strategy (39%) were the most common projects that had to be shelved. In the UK, anti-virus and malware sandboxing (37%) and networking zoning (36%) initiatives were most in danger of being delayed.
Patching was also a key challenge for many organizations, with 88% admitting they have experienced difficulties during the pandemic and a quarter (26%) claiming they have completely side-lined the practice. This is despite a huge Microsoft Patch Tuesday workload for admins over the past few months, including the largest ever set of CVEs issued in June.
Many CXOs Tanium polled seem to have had a false sense of confidence at the start of the crisis: 85% said they felt ready for the shift to remote working, but in the end 98% admitted they were caught off guard by security challenges in the first two months.
The top three challenges they faced were: identifying new personal computing devices (27%), overwhelmed VPNs (22%) and security risks to video conferencing (20%).
Further more, 90% of respondents revealed that cyber-threats had increased, with data exposure (38%), business email or transaction fraud (37%) and phishing (35%) the most common attacks.
Tanium CISO, Chris Hodson, argued that many organizations were unprepared for such an abrupt shift to remote working at the start of the pandemic.
“It may have started with saturated VPN links and a struggle to remotely patch thousands of endpoints, but the rise in cyber-attacks and critical vulnerabilities has made it apparent that we’re still far from an effective strategy for the new IT reality,” he added.
“IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organizations have visibility of computing devices in their IT environment.”