A survey by AT&T of 800 cybersecurity professionals in the UK, France and Germany (ostensibly about how the pandemic is affecting corporates cybersecurity posture) indicated that 48% of large businesses (more than 5,000 employees) will change their technology partners in the next year. Other key findings of the survey include:
- 47% expect more digital transformation of business processes and cloud implementation in the next year
- While 88% initially felt well prepared for the migration to remote work, 70% of large businesses now believe the move has made their companies more or much more vulnerable to cyber attacks
- 31% identify a lack of awareness, apathy and/or reluctance to adapt to new technologies as the biggest challenge to good cybersecurity practices
- 25% have not offered additional cybersecurity training to employees
- 24% have not created secure gateways to applications hosted in the cloud or in a data center
The survey results are in line with others in the past few months that show the unprecedented cyber security challenges facing companies since the shift to remote work began. Many companies like strong cyber policies and procedures, and many employees were undertrained in good cyber hygiene, having been forced to use personal devices to access corporate IT networks. Many companies have been slow to ramp up their cyber defenses to meet the new threat. This helps explain why according to the Cyberhedge indices the divergence in market performance between top performing 5-Star companies and poorly performing 1-Star companies has grown significantly since the March lockdowns.
Companies are now finding their footing and implementing protocols to address the new challenges. While the widespread move to remote work has put unprecedented strain on IT systems and therefore the desire for new or improved IT systems is understandable, companies should resist the urge to think that the best solution is for new technology vendors. In some cases a change in vendors may be necessary, but most companies can get better security results by better utilizing their current technology more effectively. Studies show corporate IT systems are currently operating at well less than 50% of full capability. This includes technologies with overlapping capabilities and misconfigurations that lead to wasted resources and increased vulnerabilities.
Managing existing technology more effectively would likely provide greater financial and security outcomes to companies than transitioning to new systems.
In addition, changing vendors means that employees will have to be trained in these new systems. As this—and other—surveys show, companies are already struggling to sufficiently train employees in current systems and good cyber hygiene. Introducing new IT will likely exacerbate this problem and increase vulnerabilities through the transition period and likely beyond.