Many companies are increasing their spending on cybersecurity in response to the COVID-19 pandemic, with employees working from home a significant reason for the change, many cybersecurity experts say.
Fifty-eight percent of companies represented in a recent Microsoft survey have increased their cybersecurity budgets in response to the pandemic. More than 8 in 10 plan to add security staff.
During the pandemic, “security and IT teams have been working overtime to meet business goals while simultaneously staying ahead of new threats and scams,” a Microsoft blog post said. “An alarming number of businesses are still impacted by phishing scams.”
The pandemic has vastly accelerated company efforts to pump up their cybersecurity defenses while also streamlining and simplifying them, said Andrew Conway, general manager for Microsoft’s security marketing. He said many companies are struggling with complex cybersecurity programs that use multiple security tools from various vendors.
“Companies are looking for simplicity,” he said. “To date, security is too complicated. We’re focused with our customers on … making it easier and making it more integrated.”
Even as many companies increase cybersecurity budgets, more than 80% of companies responding to the survey said that they feel pressure to lower security costs. Nearly a third of companies have frozen cybersecurity hiring during the pandemic, and 19% have cut security staff.
Other cybersecurity experts see the same trend toward increased cybersecurity spending, with the move toward working from home a significant factor.
During the pandemic, an increase in cyberattacks has also prompted many companies to pump up their security budgets, said Dexter Caffey, CEO and founder of document security vendor Smart Eye Technology. Ransomware attacks increased by more than 70% in the first half of the year, he said.
At the same time, more employees are working from home. “The rapid movement to remote workforces is certainly a key factor in companies investing more in cybersecurity,” he said. “Unfortunately, during crises like this, there are people out there looking to take advantage of vulnerabilities, both human and technology vulnerabilities, and that is what happened here.”
At the same time that companies were rapidly shifting to work-at-home mode, geopolitical rivalries have been exacerbated by the pandemic and the upcoming U.S. election, making U.S. adversaries bolder in cyberspace, added Alex Hamerstone, the governance, risk, and compliance practice lead at TrustedSec, a cybersecurity and white-hat hacking company.
Meanwhile, cybercrime has been “booming,” he said. “COVID-19 has proven to be the gift that keeps on giving for cybercriminals. Almost every criminal hacking group in the world is focusing on coronavirus-related attacks or scams in one way or another, from phishing schemes to ransomware extortion.”
In the Microsoft survey, 28% of those responding acknowledged that employees at their companies had fallen victim to phishing attacks.
Working at home has increased companies’ attack surface dramatically, Hamerstone added.
Remote operation “puts an incredible strain on the IT network of any organization but especially larger companies with hundreds or thousands of employees,” he said. “Businesses had a hard enough time preventing data breaches when they could control their own network environment through centralized offices and facilities. Now, that model is largely gone, and it will probably never come back fully, so companies are having to adapt.”
Although there’s not much data about how much companies are increasing their cybersecurity spending, some security experts have seen increases of up to 70% at some companies.
For example, SHIFT, a content protection and encryption vendor, has seen a 50% year-over-year increase in the use of SafeTream, their content security watermarking product, since March, said Eric Wynalek, vice president of strategic initiatives. SHIFT’s customers tend to be broadcasters and studios, and they have seen increased content piracy as more people are stuck at home, he said.
“The enhancement in anti-piracy measures stems from increased streaming due to lockdowns and stay-at-home orders,” he added. “With a dearth of entertainment options, the demand for streaming content is higher, which leads to increased piracy.”
The Microsoft survey found businesses focused on increasing spending on several cybersecurity tools. Twenty percent have invested in multifactor authentication, 17% on endpoint device protections, 16% on anti-phishing tools, and 14% on virtual private networks. All of these technologies can be targeted to employees working from home, experts said.
Microsoft surveyed more than 800 business leaders and employees at large companies based in the United States, United Kingdom, India, and Germany.
