How businesses rate their own security and compliance risks

SafeGuard Cyber announced the results of a survey of 600 senior enterprise IT and security professionals, conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace brought by the COVID-19 pandemic.

Rate security risks

Respondents were asked to effectively grade their adaptations to date, articulate what gaps still exist, and explain how they’re planning for the future. One-third of respondents reported their entire business process has changed and is still evolving, while 26% said they’ve rushed certain projects that were scheduled for later.

The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies.

“Everyone in business understands the pandemic has had a seismic impact, but we were still surprised to learn how vulnerable organizations feel about the digital technologies they’ve adopted,” said Jim Zuffoletti, CEO, SafeGuard Cyber.

“Bad actors typically migrate to where the action is, so it makes sense digital communication channels are more likely to be targets. Surprisingly, marketing technologies moved up on the list, and we’re seeing more and more concern for executive leaders.”

Key findings

• A significant disconnect and tension between the perceived security and compliance needs and the level of organizational planning. Despite perceived digital risk around unsanctioned apps, ransomware attacks, and varying tech stacks, only 18% of respondents reported cybersecurity as being a board-level concern.
• 57% of those surveyed cited internal collaboration platforms – like Microsoft Teams and Slack – as the tech stack representing the most risk, followed closely by marketing technologies at 41%.
• 1 in 4 respondents reported Executives’ personal social media as being an area of risk.
• The biggest security and compliance challenge is the use of unsanctioned apps (52%), followed by trying to monitor business communications in multi-regional environments (43%), suggesting global enterprises are seeing more friction in scaling technologies for the digital workspace.
• When it comes to purchasing new technology, 59% cite budget as the top concern, followed very closely by “impact on business outcomes” like revenue growth and agility (56%).

Davis Hake, Co-Founder of Resilience and Arceo.ai, concurred, “Incidents of business email compromise skyrocketed last year according to the FBI, with losses doubling from 2018 to reach $1.3B, but we know that with a move to remote work during the pandemic, cyber criminals aren’t just targeting email, they are increasingly targeting the digital collaboration platforms that are keeping our economy afloat.”

Enterprises are juggling the twin demands of budget constraints and the need to drive business outcomes.

“With the pandemic’s disruption to fundamental operations,” said Otavio Freire, CTO, SafeGuard Cyber.

“Simply saying ‘no’ to channels like WhatsApp or Slack is no longer an option. It’s the way business gets done today. As business leaders look to 2021, they will need security controls that enable rather than block new communication channels in order to sustain growth.”