1,077 respondents across 9 countries are relying more on cloud technologies and seeing more cybersecurity attacks, according to Zogby Analytics Research    

Infoblox Inc., the leader in Secure Cloud-Managed Network Services, and Zogby Analytics unveil research into the ongoing IT challenges posed by the COVID-19 shutdown. Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience. Based on 1,077 responses from the US, the UK, Germany, the Netherlands, Spain, China, Japan, Australia, and Singapore, key survey findings show that: 

• The borderless enterprise is here to stay. More than 90% of decision-makers consider digital transformation and cloud-managed services a priority. The percentage of companies with a majority of employees working remotely more than tripled from 21% before the shutdown to 70% after. 40% of companies, twice the pre-COVID-19 rate, are permanently keeping a majority of workers remote.

• Organizations are still building out their IT infrastructure and security controls to optimize remote work. Organizations say distributing sanctioned devices (35%), building network infrastructure (35%), and securing the network (29%) are top IT challenges when transitioning to remote work. 

• Threat mitigation and network visibility remain the top security concerns for the remote work environment. 68% say better threat detection and or mitigation technologies would enable more remote work for their organizations. Specifically, respondents are looking for better visibility into devices on the corporate network (65%), cloud applications workers are using (61%), and compromised devices (46%). 

• Security incidents are rising. Half of the surveyed businesses are seeing more cyber-attacks—with the biggest jumps in China and Australia—while just a quarter are seeing fewer.

• Companies are reversing policies to allow the use of personal applications to foster collaboration. 63% of companies are allowing workers to connect with each other using applications like WhatsApp, Zoom, and Houseparty. 

• Companies are using cloud security tools, particularly from the DDI family (DNS, DHCP, IP Address Management), to secure the borderless enterprise. 59% of companies plan on making additional investments in DNS to secure their expanded networks.

“When the COVID-19 shutdown started, organizations rushed to enable remote work overnight,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox. “Their top priority was making sure workers could connect to enterprise applications from their homes—sometimes through unsecured personal devices.”

“While most organizations can now accommodate the basics of remote work, this report highlights the need for more security controls,” Vasani added. “To meet that need, a majority of surveyed companies are turning to DNS to rapidly stand up a foundational layer of security for employees working from home. “Using a hybrid DNS security solution like BloxOne Threat Defense, enterprises can create a ubiquitous layer of visibility and security across their expanded infrastructure.”

“The COVID-19 pandemic will have lasting effects on how organizations invest in cybersecurity. In fact, over 90% of enterprises plan to invest more to secure telework over the next two years. Given a dramatically expanded digital attack surface, thewaves of cyber threats targeting remote workers, and the ongoing cyber skills gap, organizations need to carefully consider what technologies and approaches are needed to secure their telework strategies long-term,” said John Maddison, EVP of Products and CMO at Fortinet. “They have an opportunity to maximize their investments with cybersecurity platforms designed to provide comprehensive visibility and protection across the entire digital infrastructure, including networked, application, multi-cloud, and mobile environments. This ongoing shift to remote work will also require more than just technology; cybersecurity training and awareness should also remain key priorities.”

The Sudden Shift to Telework Was Challenging for Most Organizations

• As the COVID-19 pandemic spread rapidly in the first half of 2020, many organizations were required to shift to telework practically overnight as teams around the globe were asked to stay home. Nearly two-thirds of the firms surveyed had to rapidly transition over half of their workforce to telework. In addition, most respondents said the rapid change presented a challenge to their organization, with 83% citing it as moderately, very, or extremely challenging. Only 3% were not at all challenged.
• In addition, the evolving remote work environment, increased reliance on personal device usage, and overall influx of workers outside the corporate network opened an opportunity for unprecedented cyber threat activity. From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at enormous scale as evidenced by a recent FortiGuard Labs Global Threat Landscape Report. Threats included phishing and business email compromise schemes, nation-state backed campaigns, and ransomware attacks. In fact, 60% of organizations revealed an increase in cybersecurity breach attempts during the transition to remote work, while 34% reported actual breaches in their networks.
• With a spike in employees remotely connecting to the corporate network, an increase in breach attempts and overall cyber attacks, organizations cited the most challenging aspects of this transition as ensuring secure connections, business continuity, and access to business-critical applications.
• At the time of the survey enterprises had already invested in key technologies as a result of the pandemic. Nearly half of organizations invested further in VPN and cloud security, while nearly 40% invested further in skilled IT professionals or network access control (NAC).

There is Still Room for Improvement: Almost All Enterprises Will Invest More in Secure Telework

Given the number of attempted breaches and overall waves of cyber threats targeting remote workers, organizations need to carefully consider what technologies and approaches are needed to secure telework moving forward. Defense strategies need to be adjusted to fully account for the extension of the network perimeter into the home.

• As of June this year, a long-term shift to telework is anticipated, with nearly 30% of organizations expecting more than half of their employees to continue working remotely full time after the pandemic.
• Almost all organizations expect to invest more to secure telework long-term, with nearly 60% of enterprises spending more than $250,000 in secure telework investments in the next 24 months.
• Moving forward, the majority of enterprises surveyed intend to make unplanned upgrades to their existing systems to secure telework. Many also plan to add new technologies not previously in place.
• Only 40% of organizations had a business continuity plan in place prior to the pandemic. Yet, as a result of the pandemic and the rapid shift to remote work, 32% invested further in this area.

While organizations have made improvements in securing their remote workforces since the beginning of the pandemic, survey data reveals several areas that could be considered opportunities for improving secure remote connectivity. These areas include:

• Multi-factor Authentication (MFA) – The survey revealed that 65% of organizations had VPN solutions in place pre-pandemic, but only 37% of organizations had multi-factor authentication (MFA). While VPNs play an important role in ensuring secure connectivity, they are simply one part of securing access. Therefore, if not already in place, it is recommended that organizations consider integrating MFA into their remote security plans.
  
  
• Endpoint Security and Network Access Control (NAC) – 76% and 72% of organizations plan to either upgrade or adopt NAC or endpoint detection and response (EDR) solutions respectively. As employees work remotely, organizations face challenges to control the influx of non-trusted devices on their networks to enable remote work, creating new security challenges overnight. By adopting NAC solutions, IT teams get increased visibility and control over the users and devices on their network. EDR solutions deliver advanced, real-time threat protection for endpoints both pre- and post-infection.

• Software-defined Wide-area Networking (SD-WAN) for the Home: 64% of organizations plan to either upgrade or adopt SD-WAN, but specifically for the home office. The critical advantage of extending secure SD-WAN functionality to individual teleworkers, especially super users, is that they can enjoy on-demand remote access as well as dynamically scalable performance regardless of their local network availability.
  
  
• Secure Access Service Edge (SASE) – 17% of organizations made investments in SASE prior to the pandemic, and 16% invested in SASE as a result of the pandemic. Still, 58% plan to invest in SASE to some degree going forward. Although SASE is an emerging enterprise strategy, it is increasingly seen as an opportunity to combine network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organizations.

• Skilled Security Professionals – At the start of the pandemic, only 55% of organizations had enough skilled IT workers in place to support the shift to remote work. And while 73% of organizations stated their intention to invest further in skilled IT workers in the next 24 months, the historical lack of skilled IT security professionals could present a challenge.