Since spending more time at home, my appetite for reading has increased. In fact, I recently picked up again one of my favorites – J. R. R. Tolkein’s Lord of the Rings trilogy. In the first book, The Fellowship of the Ring, a conversation between Frodo and Gandalf goes something like this:
“I wish it need not have happened in my time,” said Frodo.
“So do I,” said Gandalf, “and so do all who live to see such times. But that is not for them to decide. All we have to decide is what to do with the time that is given to us…”
The CTO role keeps changing
Such is also the fate of the Chief Technology Officer (CTO). Many things are beyond their control. Yet, in times of crisis, CTOs are relied upon. They often peer into the future and must address dangers to the business and contend with many unknowns. The key to being a successful CTO is deciding the best things to do with what’s in front of us.
Undoubtedly, COVID-19 has placed extensive demands on CTOs who have had to redesign or redistribute technology resources in rapid order with minimal time to research, strategize and execute.
In partnership with IT managers, hybrid work environments had to be constructed and deployed to accommodate remote workers. The number one priority (in addition to equipping employees with devices) was to secure the distributed network against evolving cybersecurity threats.
Now the question is: where do we go from here? Years’ worth of digital transformation progress was made in a matter of weeks. How will we now maintain and scale these systems for years to come? How do we future proof for other disruptions? These questions are what CTOs and their staff are now grappling with.
Being a CTO is about more than just choosing technology solutions or making sure people can work from home successfully. The CTO role is changing to encompass supply chain resiliency, communications solutions and support for sales teams, preventing technological surprise and meeting broader business unit needs.
In this environment, a CTO’s unique combination of technical and institutional knowledge has only become more vital. The CTO must be much more than a technical expert. They must be knowledgeable about every aspect of the business from HR to Finance and everything in between.
Clearly communicating the evolving role of tech across sales, security and more
According to Deloitte, more than half of CEOs say that tech leaders in their companies will be key drivers of business strategy. Filling that role means wearing many hats, the specifics of which differ from enterprise to enterprise.
The CTO doesn’t necessarily even sit in the same place in every management hierarchy. For example, depending on who runs the IT department, the CIO reports to the CTO, and vice versa. The common thread: CTOs have to be versatile.
Some companies see the CTO as an interface between the firm’s customers and its knowledge, capabilities and products. This is largely a sales leadership role, where a CTO can use their technical expertise to connect services and clients. Other times, the CTO is charged with ensuring employees can interact with one another, enabling collaboration, communication and innovation.
What’s important for any organization today, whether it’s an SMB, federal agency or large enterprise, is that the role of the CTO is adaptable to manage disparate tasks: from serving as a C-suite partner advising on operational decisions to counseling customers on specific services.
Of course, CTOs must understand technology in great detail, but they also need to be able to articulate how technology works in a way that average individuals understand.
They must be able to communicate clearly with decision-makers from all departments on issues ranging from cybersecurity to sales enablement platforms to secure supply chains. This is what we call a “T” shaped individual: depth in their specific field of expertise and breath in all other business areas. The best CTOs are truly Renaissance individuals.
Meeting transformation with expansive knowledge and sharp agility
Research from McKinsey demonstrates that companies that are aware of new technologies and work to build them into their operating models tend to be more successful than those that do not. The responsibility for finding those technologies, understanding them and incorporating them into an enterprise’s strategy at the proper scale falls squarely on the CTO.
Greater digitization has only increased the number of innovative technologies CTOs need to track. The market for global digital transformation products and services is expected to expand at a compound annual growth rate of 22.5 percent from 2020 to 2027.
Greater digitization has also made CTOs more valuable because it has dramatically and substantially expanded their sphere of influence. Increased reliance on technology throughout companies offers CTOs more insights into lines of business and back-office operations.
These insights can be valuable in finding efficiencies and opportunities to innovate. What’s more, the increased reliance on technology means CTOs often have visibility into talent, operations, and partners as well.
As more potential disruptions loom, the fact that every organization looks at its technology roles differently is a good thing, because the people filling those roles also have diverse backgrounds and will bring their own unique perspectives to the job. For example, my own strong background in engineering combined with a doctorate in economics has given me a different view on technologies from some of my peers.
The circumstances surrounding the COVID pandemic have made the blend of deep institutional knowledge and a wide breadth of technical aptitude an essential combination for any agile CTO.
Overall investments in digital resiliency have increased steadily throughout the year as businesses prioritize or accelerate adoption of cloud, collaborative, and digital transformation projects, IDC reveals.
Security has also been a major investment area, driven by the shift to more remote work and accelerated cloud adoption in 2020.
“Digital resiliency refers to an organization’s ability to rapidly adapt to business disruptions by leveraging digital capabilities to not only restore business operations, but also capitalize on the changed conditions,” said Stephen Minton, VP in IDC‘s Customer Insights & Analysis group.
“As the COVID-19 crisis has shown, the ability to respond quickly and effectively to unexpected changes in the business environment are critical to an organization’s short-term success. To prepare for future business disruptions, organizations need plans that will enable them to rapidly adapt as opposed to just respond.
“Investments in digital capabilities not only enable an organization to adapt to the current crisis but also to capitalize on the changed conditions.”
The Digital Resiliency Investment Index
The Digital Resiliency Investment Index is comprised of two factors – digital core investments and digital innovation investments.
Digital core investments are comprised of spending on the core components of digital resiliency: cloud, security, collaborative support for remote workers, and digital transformation projects. This score should increase over time as organizations shift budget away from traditional and legacy IT spending and toward these core components of digital resiliency.
Digital innovation investments are measured using a monthly survey of enterprises on their current and anticipated IT investment focus, including how much new or reallocated spending is targeted at digital resiliency and business acceleration versus crisis response measures. This score should also increase over time as organizations shift their spending focus back to building a digital enterprise.
Overall, investments in cloud, collaboration, and security have managed to grow throughout 2020, despite a decline in overall IT spending.
In recent, months, the focus on resiliency has increased as organizations realize the importance of being prepared for future business disruptions. As a result, digital resiliency spending is expected to accelerate in 2021 as the global economy improves.
Resiliency investments by location
On a geographic basis, resiliency investments grew fastest in Asia/Pacific, in line with the region’s overall response to the pandemic. Investments in the United States improved noticeably in October, which may reflect a combination of short-term and long-term factors.
Meanwhile, Europe’s results declined slightly in October as the region returned to crisis response mode with a surge in coronavirus cases and new socio-economic restrictions.
“The next several months may put increased pressure on some organizations to respond to second waves of COVID infections and economic lockdowns, which will be reflected in our monthly surveys throughout the winter,” said Minton.
“What we have learned already this year is that the organizations which were among the early adopters of cloud, digital, and collaborative technologies were best-positioned for a crisis no one could have predicted.
“Digital resiliency in the coming 6-12 months will to some extent reflect the speed at which others were able to pivot their tech investments in 2020, even as overall budgets were constrained by economic uncertainty.”
CIOs and IT leaders who use composability to deal with continuing business disruption due to the COVID-19 pandemic and other factors will make their enterprises more resilient, more sustainable and make more meaningful contributions, according to Gartner.
Analysts said that composable business means architecting for resilience and accepting that disruptive change is the norm. It supports a business that exploits the disruptions digital technology brings by making things modular – mixing and matching business functions to orchestrate the proper outcomes.
It supports a business that senses – or discovers – when change needs to happen; and then uses autonomous business units to creatively respond.
For some enterprises digital strategies became real for the first time
According to the 2021 Gartner Board of Directors survey, 69% of corporate directors want to accelerate enterprise digital strategies and implementations to help deal with the ongoing disruption. For some enterprises that means that their digital strategies became real for the first time, and for others that means rapidly scaling digital investments.
“Composable business is a natural acceleration of the digital business that organizations live every day,” said Daryl Plummer, research VP, Chief of Research and Gartner Fellow. “It allows organizations to finally deliver the resilience and agility that these interesting times demand.”
Don Scheibenreif, research VP at Gartner, explained that composable business starts with three building blocks — composable thinking, which ensures creative thinking is never lost; composable business architecture, which ensure flexibility and resiliency; and composable technologies, which are the tools for today and tomorrow.
“The world today demands something different from us. Composing – flexible, fluid, continuous, even improvisational – is how we will move forward. That is why composable business is more important than ever,” said Mr. Scheibenreif.
“During the COVID-19 pandemic crisis, most CIOs leveraged their organizations existing digital investments, and some CIOs accelerated their digital strategies by investing in some of the three composable building blocks,” said Tina Nunno, research VP and Gartner Fellow.
“To ensure their organizations were resilient, many CIOs also applied at least one of the four critical principles of composability, gaining more speed through discovery, greater agility through modularity, better leadership through orchestration, and resilience through autonomy.”
Composable business resilience
Analysts said that these four principles can be viewed differently depending on which building block organizations are working with:
- In composable thinking, these are design principles. They guide an organization’s approach to conceptualizing what to compose, and when.
- In composable business architecture, they are structural capabilities, giving an organization the mechanisms to use in architecting its business.
- In composable technologies, they are product design goals driving the features of technology that support the notions of composability.
“In the end, organizations need the principles and the building blocks to intentionally make composability real,” said Mr. Plummer.
The building blocks of composability can be used to pivot quickly to a new opportunity, industry, customer base or revenue stream. For example, a large Chinese retailer used composability when the pandemic hit to help re-architect their business. They used composable thinking and chose to pivot to live streaming sales activities.
They embraced social marketing technology and successfully retained over 5,000 in-store sales and customer support staff to become live streaming hosts. The retailer suffered no layoffs and minimal revenue loss.
“Throughout 2020, CIOs and IT leaders maintained their composure and delivered tremendous value,” said Ms. Nunno. “The next step is to create a more composable business using the three building blocks and applying the four principles. With composability, organizations can achieve digital acceleration, greater resiliency and the ability to innovate through disruption.”
The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election resulting in a surge of cybercrime, VMware research reveals.
Attacks growing increasingly sophisticated and destructive
As eCrime groups grow more powerful, these attacks have grown increasingly sophisticated and destructive – respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to launch attacks on others within the supply chain.
“The rapid shift to a remote world combined with the power and scale of the dark web has fueled the expansion of eCrime groups. And now ahead of the election, we are at cybersecurity tipping point, cybercriminals have become dramatically more sophisticated and punitive focused on destructive attacks.”
Data for the report is based on an online survey of eighty-three IR and cybersecurity professionals from around the world in September 2020.
Incidents of counter IR are at an all-time high, occurring in 82% of IR engagements
Suggesting the prevalence of increasingly sophisticated, often nation-state attackers, who have the resources and cyber savvy to colonize victims’ networks. Destructive attacks, which are often the final stage of counter IR have also surged, with respondents estimating victims experience them 54% of the time.
55% of cyberattacks target the victim’s digital infrastructure for the purpose of island hopping
The pandemic has left organizations increasingly vulnerable to such attacks as their employees shift to remote work – and less secure home networks and devices.
Custom malware is now being used in 50% of attacks reported by respondents
This demonstrates the scale of the dark web, where such malware and malware services can be purchased to empower traditional criminals, spies and terrorists, many of whom do not have the sophisticated resources to execute these attacks.
As we approach the 2020 presidential election, cybercrime remains a top concern
Drawing upon their security expertise – and in line with recent advisories from Cybersecurity & Infrastructure Security Agency (CISA) – 73% of respondents believe there will be foreign influence on the 2020 U.S. presidential election, and 60% believe it will be influenced by a cyberattack.
Despite ongoing economic uncertainty amidst a global pandemic, many dealmakers remain optimistic about the outlook for the year ahead as they increasingly pursue alternative merger and acquisition (M&A) methods to navigate the crisis and pursue new disruptive business growth strategies.
According to a Deloitte survey of 1,000 U.S. corporate M&A executives and private equity firm professionals, 61% of survey respondents expect U.S. M&A activity to return to pre-COVID-19 levels within the next 12 months.
Soon after the WHO declared COVID-19 a pandemic on March 11, deal activity in the U.S. plunged — most notably during April and May.
Responding M&A executives say they tentatively paused (92%) or abandoned (78%) at least one transaction as a result of the pandemic outbreak. However, since March 2020, possibly aiming to take advantage of pandemic-driven business disruptions, 60% say their organizations have been more focused on pursuing new deals.
“M&A executives have moved quickly to adapt and uncover value in new and innovative ways as systemic change driven by the pandemic has resulted in alternative approaches to transactions,” said Russell Thomson, partner, Deloitte & Touche LLP, and Deloitte’s U.S. merger and acquisition services practice leader.
“We expect both traditional and alternative M&A to be an important lever for dealmakers as businesses recover and thrive in a post-COVID economy.”
Alternative dealmaking on the rise
For many, alternative deals are quickly outpacing traditional M&A activity as the search for value intensifies in a low-growth environment.
When asked which type of deals their organizations are most interested in pursuing, responding corporate M&A executives’ top choice was alternatives to traditional M&A, including alliances, joint ventures, and Special Purpose Acquisition Companies (45%) — ranking higher than acquisitions (35%).
Private equity investors plan to remain more focused on traditional acquisitions (53%), while simultaneously pushing pursuit of M&A alternatives — including private investment in public equity deals, minority stakes, club deals and alliances (32%).
“As businesses prepare for a post-COVID world, including fundamentally reshaped economies and societies, the dealmaking environment will also materially change,” said Mark Purowitz, principal, Deloitte Consulting LLP, with Deloitte’s mergers and acquisitions consulting practice, and leader of the firm’s Future of M&A initiative.
“Companies were starting to expand their definition of M&A to include partnerships, alliances, joint ventures and other alternative investments that create intrinsic and long-lasting value, but COVID-19 has accelerated dealmakers’ needs to create more optionality for their organizations’ internal and external ecosystems.”
Virtual dealmaking to continue playing large role post-pandemic
87% of M&A professionals surveyed report that their organizations were able to effectively manage a deal in a purely virtual environment, so much so that 55% anticipate that virtual dealmaking will be the preferred platform even after the pandemic is over.
However, virtual dealmaking does not remain without its own challenges. Fifty-one percent noted that cybersecurity threats are their organizations’ biggest concern around executing deals virtually.
“When it comes to cyber in an M&A world — it’s important to develop cyber threat profiles of prospective targets and portfolio companies to determine the risks each present,” said Deborah Golden, Deloitte Risk & Financial Advisory, cyber and strategic risk leader, Deloitte & Touche LLP.
“CISOs understand how a data breach can negatively impact the valuation and the underlying deal structure itself. Leaving cyber out of that risk picture may lead to not only brand and reputational risk, but also significant and unaccounted remediation costs.”
Other virtual dealmaking concerns included the ability to forge relationships with management teams (40%) and extended regulatory approvals (39%). When it comes to effectively managing the integration phase in a virtual environment, technology integration (16%) and legal entity alignment or simplification (16%) are surveyed M&A executives’ largest and most prevalent hurdles.
“It may be too early to assess the long-term implications of virtual dealmaking as many of the deals currently in progress now are resulting from management relationships that were formed pre-COVID. We also expect integration in a virtual setting will become much more complex a few months from now,” said Thomson.
“Culture and compatibility issues should be given greater attention on the diligence side, as they pose major downstream integration implications.”
International dealmaking declines, focus on domestic-only deals
Interest in foreign M&A targets declined in 2020 as corporate executives reported a significant shift in their approach to international dealmaking, with 17% reporting no plans to execute cross-border deals in the current economic environment, an 8 percentage point increase from 2019.
In addition, 57% of M&A executives say less than half of their current transactions involve acquiring targets operating primarily in foreign markets.
Notably, the number of survey respondents interested in pursuing deals with U.K. targets dropped by 8 percentage points, while Chinese targets declined by 7 percentage points. Interest in Canadian (32%) and Central American (19%) targets remained highest.
71% of CISOs believe cyberwarfare is a threat to their organization, and yet 22% admit to not having a strategy in place to mitigate this risk. This is especially alarming during a period of unprecedented global disruption, as 50% of infosec professionals agree that the increase of cyberwarfare will be detrimental to the economy in the next 12 months.
CISOs and infosec professionals however are shoring up their defenses — with 51% and 48% respectively stating that they believe they will need a strategy against cyberwarfare in the next 12-18 months.
These findings, and more, are revealed in Bitdefender’s global 10 in 10 Study, which highlights how, in the next 10 years, cybersecurity success lies in the adaptability of security decision makers, while simultaneously looking back into the last decade to see if valuable lessons have already been learnt about the need to make tangible changes in areas such as diversity.
It explores, in detail, the gap between how security decision makers and infosec professionals view the current security landscape and reveals the changes they know they will need to make in the upcoming months and years of the 2020s.
The study takes into account the views and opinions of more than 6,724 infosec professionals representing a broad cross-section of organizations from small 101+ employee businesses to publicly listed 10,000+ person enterprises in a wide variety of industries, including technology, finance, healthcare and government.
The rise and fall (and rise again) of ransomware
Outside of the rise of cyberwarfare threats, an old threat is rearing its head — ransomware. During the disruption of 2020, ransomware has surged with as much as 43% of infosec professionals reporting that they are seeing a rise in ransomware attacks.
What’s more concerning is that 70% of CISOs/CIOs and 63% of infosec professionals expect to see an increase in ransomware attacks in the next 12-18 months. This is of particular interest as 49% of CISOs/CIOs and 42% of infosec professionals are worried that a ransomware attack could wipe out the business in the next 12-18 months if they don’t increase investment in security.
But what is driving the rise in ransomware attacks? Some suggest it’s because more people are working from home — which makes them an easier target outside of the corporate firewall. The truth might however be tied to money.
59% of CISOs/CIOs and 50% of infosec professionals believe that the business they work for would pay the ransom in order to prevent its data/information from being published — making ransomware a potential cash cow.
A step change in communication is in high demand
Cyberwarfare and ransomware are complex topics to unpack, amongst many others in infosec. The inherent complexity of infosec topics does however make it hard to gain internal investment and support for projects. This is why infosec professionals believe a change is needed.
In fact, 51% of infosec professionals agree that in order to increase investment in cybersecurity, the way that they communicate about security has to change dramatically. This number jumps up to 55% amongst CISOs and CIOs — many of whom have a seat at the most senior decision-making table in their organizations.
The question is, what changes need to be made? 41% of infosec professionals believe that in the future more communication with the wider public and customers is needed so everyone, both in and organization and outside, better understands the risks.
In addition, 38% point out that there is a need for the facilitation of better communication with the C-suite, especially when it comes to understanding the wider business risks.
And last, but not least, as much as 31% of infosec professionals believe using less technical language would help the industry communicate better, so that the whole organization could understand the risks and how to stay protected.
“The reason that 63% of infosec professionals believe that cyberwarfare is a threat to their organization is easy,” said Neeraj Suri, Distinguished Professorship and Chair in Cybersecurity at Lancaster University.
“Dependency on technology is at an all-time high and if someone was to take out the WiFi in a home or office, no one would be able to do anything. This dependency wasn’t there a few years back–it wasn’t even as high a few months back.
“This high dependency on technology doesn’t just open the door for ransomware or IoT threats on an individual level, but also to cyberwarfare which can be so catastrophic it can ruin economies.
“The reason that nearly a quarter of infosec pros don’t currently have a strategy to protect against cyberwarfare is likely because of complacency. Since they haven’t suffered an attack or haven’t seen on a wide scale–the damage that can be done–they haven’t invested the time in protecting against it.”
Diversity, and specifically neurodiversity, is key to future success
Outside of the drastic changes that are needed in the way cybersecurity professionals communicate, there’s also a need to make a change within the very makeup of the workforce. The infosec industry as a whole has long suffered from a skills shortage, and this looks to remain an ongoing and increasingly obvious issue.
15% of infosec professionals believe that the biggest development in cybersecurity over the next 12-18 months will be the skills gap increasing. If the skills deficit continues for another five years, 28% of CISOs and CIOs say they believe that it will destroy businesses.
And another 50% of infosec professionals believe that the skills gap will be seriously disruptive if it continues for the next 5 years.
Today, however, it will take more than just recruiting skilled workers to make a positive change and protect organizations. In 2015, 52% of infosec workers would have agreed that there is a lack of diversity in cybersecurity and that it’s a concern.
Five years later, in 2020, this remains exactly the same — and that is a significant problem as 40% of CISOs/CIOs and infosec professionals say that the cybersecurity industry should reflect the society around it to be effective.
What’s more, 76% of CISOs/CIOs, and 72% of infosec professionals, believe that there is a need for a more diverse skill set among those tackling cybersecurity tasks. This is because 38% of infosec professionals say that neurodiversity will make cybersecurity defenses stronger, and 33% revealed a more neurodiverse workforce will level the playing field against bad actors.
While it’s clear that the cybersecurity skills gap is here to stay, it’s also clear why changes need to be made to the makeup of the industry.
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender concludes, “2020 has been a year of change, not only for the world at large, but for the security industry. The security landscape is rapidly evolving as it tries to adapt to the new normal, from distributed workforces to new threats. Amongst the new threats is cyberwarfare.
“It’s of great concern to businesses and the economy — and yet not everyone is prepared for it. At the same time, infosec professionals have had to keep up with new threats from an old source, ransomware, that can affect companies’ bottom lines if not handled carefully.
“The one thing we know is that the security landscape will continue to evolve. Changes will happen, but we can now make sure they happen for better and not for worse. To succeed in the new security landscape, the way we as an industry talk about security has to become more accessible to a wider audience to gain support and investment from within the business.
“In addition, we have to start thinking about plugging the skills gap in a different way — we have to focus on diversity, and specifically neurodiversity, if we are to stand our ground and ultimately defeat bad actors.”
While the COVID-19 outbreak has disrupted the lives and operations of many people and organizations, the pandemic failed to interrupt onslaught of malicious emails targeting people’s inboxes, according to an attack landscape update published by F-Secure.
Increase of malicious emails utilizing COVID-19 issues
Beginning in March and continuing through most of the spring, there was a significant increase of malicious emails utilizing various COVID-19 issues as a lure to manipulate users into exposing themselves to various email attacks and scams.
Common COVID-19-related campaigns included in these emails range from attempting to trick users into ordering face masks from phony websites to infecting themselves with malware by opening malicious attachments.
Three-quarters of attachments in these emails contained infostealers – a type of malware that steals sensitive information (such as passwords or other credentials) from an infected system.
“Cybercriminals don’t have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns. The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties,” said Calvin Gan, a manager with F-Secure’s Tactical Defense Unit.
“Spotting malicious emails isn’t typically a priority for busy employees, which is why attackers frequently attempt to trick them into compromising organizations.”
Additional trends from the first half of 2020
- Finance was the most frequently spoofed industry in phishing emails; Facebook was the most frequently spoofed company
- Email was the most popular way of spreading malware, and accounted for over half of all infection attempts
- Infostealers were the most common type of malware spread by attackers; Lokibot was the most common malware family
- Telnet and SSH were the most frequently scanned IP ports
The report also notes that attacks leveraging cloud-based email services are steadily increasing and highlights a significant spike in phishing emails that targeted Microsoft Office 365 users in April.
“Notifications from cloud services are normal and employees are accustomed to trusting them. Attackers taking advantage of that trust to compromise targets is perhaps the biggest challenge companies need to address when migrating to the cloud,” explained F-Secure Director of B2B Product Management Teemu Myllykangas.
“Securing inboxes in general is already a challenge, so companies should consider a multilayer security approach that combines protection technologies and employee education to reduce their exposure to email threats.”
Fraudsters are decreasing their schemes against businesses, but increasing COVID-19 focused scams against consumers online, according to TransUnion.
Fraudsters less targeting businesses
The percent of suspected fraudulent digital transactions against businesses worldwide decreased 9% from the beginning of the pandemic (“phase 1,” March 11-May 18) to when businesses began reopening (“phase 2,” May 19-July 25). In contrast, consumers targeted by digital COVID-19 schemes increased 10% from the early days of the pandemic (week of April 13) to more recently (week of July 27).
“With the rush for businesses to go digital as many were forced to go completely online almost overnight, fraudsters tried to take advantage,” said Shai Cohen, senior vice president of Global Fraud Solutions at TransUnion.
“They were most likely unsuccessful in their attempts and took their scams elsewhere as those businesses ramped up their digital fraud prevention solutions while providing a friction-right consumer experience. Conversely with consumers, fraudsters are increasingly using COVID-19 to prey on those persons who are facing mounting financial pressures.”
In contrast to the recent suspected fraud decrease against businesses, when comparing phase 1 (March 11-May 18) to right before the pandemic (Jan. 1-March 10), there was a 6% rise in suspected digital fraud against businesses.
Fraudsters shifting industries
When comparing digital transactions pre-pandemic to during the pandemic (March 11-July 25), suspected fraud against businesses remained relatively flat, increasing 1%.
“It appears fraudsters assume travel & leisure companies are scrutinizing transactions less in order to capture more revenue as the pandemic continues to severely negatively impact their business,” said Melissa Gaddis, senior director of customer success, Global Fraud Solutions at TransUnion.
“Another interesting note is that telecommunications, e-commerce and financial services companies – all industries that have fared relatively well during the pandemic – were targeted with the most digital fraud early in the pandemic but are now among the least targeted. This shows us that fraudsters initially targeted the hottest industries with the most money to be had early in the pandemic in order to hide behind the rush of transactions but have now made an obvious shift.”
Globally across industries, the countries with the highest percentage of suspected fraudulent transactions were: 1) Kazakhstan, 2) Greece and 3) Cyprus. In the U.S. overall, the cities with the highest percent of suspected fraudulent transactions were: 1) Livonia, Mich. 2) Akron, Ohio and 3) Jackson, Miss.
Consumers targeted by COVID-19 schemes
To better understand the impacts of COVID-19 on consumers, 8,265 adults in Canada, Colombia, Hong Kong, South Africa the U.K. and the U.S. were surveyed the week of July 27.
32% of respondents said they had been targeted by digital fraud related to COVID-19, with Gen Z (age 18-25) being the most targeted at 36%. Among consumers reporting being targeted with digital COVID-19 schemes globally, the top pandemic-themed scam is phishing with 27% saying they were hit with it.
Despite the survey showing Baby Boomers were the generation least targeted with digital COVID-19 scams, among consumers reporting being targeted they were the age group saying they faced the highest percentage of COVID-19 themed phishing scams.
“Phishing shows fraudsters aren’t after a quick hit, but rather looking for the long haul,” said Gaddis. “Once a fraudster steals consumer credentials, the wave of disruption they can cause with a stolen or synthetic identity is endless from compromising multiple online accounts to significantly impacting credit scores.”
Umpqua Bank released a survey gauging the impact of the COVID-19 pandemic on the confidence and future of U.S.-based small and mid-size businesses. More than 1,200 leaders at companies across all industries and geographic regions were surveyed on how their businesses are responding and what they will need in the months ahead to navigate successfully through a once-in-a-lifetime global pandemic event.
“There’s no denying that the pandemic’s economic impact is deep and continues to be painful for businesses, but there is reason for measured optimism,” said Umpqua Bank President Torran Nixon.
“Small and mid-size businesses are showing resilience and ingenuity in the face of unprecedented disruption and uncertainty. Our research indicates that many have already made strategic pivots that in some cases have made them more competitive, and many more are preparing to pull all the levers at their disposal to emerge healthier, more efficient and better able to serve their customers in the long run.”
Survey participants come from businesses that weathered the initial economic shutdown but face continued uncertainty and are a primary audience for financial assistance through the federal Paycheck Protection Program.
They represent a broad cross-section of U.S. enterprises that drive significant job creation and prosperity, including middle market companies with at least $10 million in annual revenue that contribute $6 trillion to the U.S. economy annually and employ 44 million Americans.
Pandemic investments in tech, automation accelerate
Even as a significant majority of mid-size companies delay or cut spending in several areas, including outside vendors, marketing and promotions, hiring and benefits, nearly 5 in 10 have increased spending on technology, digital transformation or automation.
More than 80% of businesses have already begun automating or plan to automate tasks previously performed by workers, and 76% are exploring ways to digitize the customer experience.
Though smaller businesses are less likely to have concrete plans to make these shifts, moving toward automation and digital customer experience still rank as two of the top priorities for 29% and 46% of small businesses, respectively.
Companies adapting and reinventing their business
Mid-size companies in particular are making significant changes to lines of products and services, with 75% reporting they have or plan to do so. Roughly 30% of small businesses report a similar strategic shift.
Nearly 80% of mid-size companies have already (17%) or are likely (61%) to make changes to their pricing model.
The potential of long-term workplace changes
The U.S. workforce has experienced significant upheaval in recent months. According to the report, some of the changes could have long-lasting impact. Remote workplace, for example, could be here to stay as nearly 8 in 10 mid-size and almost 50% of small businesses are moving now and planning in the future to allow more employees to work from home.
More than 60% of mid-size companies are also likely to replace current employees to add different skillsets, as well as move away from a traditional staffing model in favor of utilizing more contract workers.
Measured 12-month optimism is coupled with planning for expansion
Nearly 7 in 10 businesses expect their revenue to remain stable (40%) or increase (29%) the next year. Another 66% expect their profitability to remain stable (40%) or increase (26%) in the next year.
Despite the challenging environment, roughly 70% of mid-size businesses are also thinking about expansion plans, with businesses in the Western U.S. leading all other regions in planning.
Some businesses are stronger, focused on positive, long-term changes
Though many businesses have been negatively impacted by the pandemic, not all businesses have been impacted adversely. Nearly a quarter of businesses report a stronger competitive advantage. Another 41% say they’re adapting and making changes that will make them profitable and competitive long term.
According to Richard Cabrera, Umpqua’s head of commercial & corporate banking, there’s tremendous opportunity for financial institutions to continue rising to the occasion following the Paycheck Protection Program by providing tailored solutions that preserve cashflow and create efficiencies necessary to remain competitive in the current and post-COVID economy.
“The stakes in the current economy are high, and the pandemic is clearly forcing companies to carefully consider key aspects of their business and go-forward strategy,” said Cabrera.
“With the help of experts in banking and other professional services, many small and mid-size enterprises will emerge from this crisis looking and behaving very differently, which likely will contribute to significant shifts in the U.S. economy as a whole.”
IT teams require comprehensive visibility into the network driven by a number of factors, including tremendous disruption from the COVID-19 pandemic, relentless technological advances, remote working reaching an all-time high and the expanding security threatscape, according to VIAVI Solutions.
Indeed, 73 percent of respondents said security professionals need comprehensive visibility into network infrastructure to enhance cybersecurity efforts and speed remediation.
Rise in cyberthreats during pandemic
During the global pandemic, infosec professionals are reporting a rise in cyberthreats. And as enterprises increase connectivity, networks are even more exposed to vulnerabilities.
54 percent of respondents have already deployed IoT devices. While another 24 percent of respondents plan to do so in the next 12 months, only 57 percent of them have a mechanism in place to monitor those devices.
In an age of dynamic disruption, IT is increasingly challenged to maintain optimal service delivery, while implementing remote working at an unprecedented scale. It’s not surprising, then, that nearly 60 percent of study respondents cite the need for greater visibility into remote user experiences.
The top challenge for troubleshooting applications is the ability to understand end-user experience (nearly 47 percent).
“As remote working becomes the new norm, IT teams are challenged to find and adapt technologies, such as flow-based reporting to manage bandwidth consumption, VPN oversubscription and troubleshooting applications. To guarantee the best performance and reduce cybersecurity threats, increasing network visibility is now a must for all businesses,” said Charles Thompson, Senior Director, Enterprise and Cloud, VIAVI.
“By empowering NetOps, as well as application and security teams with network visibility, IT can mitigate the impact of disruptive migrations, incidents and new technologies like SD-WAN to achieve consistent operational excellence.”
- A surge in remote users is challenging network and security teams, as evidenced by nearly 60 percent seeking more visibility
- Roughly three out of four respondents agree or strongly agree that SecOps teams need better visibility into network infrastructure to enhance cybersecurity efforts, suggesting that effective collaboration between NetOps and SecOps leads to stronger security posture and faster incident response
- The top troubleshooting challenge that IT network teams now face is understanding end-user experience (nearly 47 percent)
- Among organizations of all sizes, the most used KPI for assessing end-user experience is packet-based metrics (45 percent) followed closely by user-satisfaction metrics (41 percent)
- 54 percent of survey respondents have already deployed IoT devices, yet only 57 percent of those have a mechanism in place to monitor those devices, leaving their networks exposed to vulnerabilities
- SD-WAN has gone mainstream, with the primary motivations for deployment being cost savings (58 percent) and business continuity (50 percent)
The pandemic has irrevocably changed the way businesses everywhere operate, crystallizing the link between a robust IT infrastructure and business continuity. According to a survey of IT professionals from Insight Enterprises, only 24% of businesses were able to adapt to the new environment with no downtime, while 56% said 2 or fewer weeks of downtime.
The report further reveals that 46% of IT professionals felt extremely or very prepared to pivot to the new business landscape.
Consequently, businesses could be more proactive about involving IT in contingency planning: 40% of survey respondents reported having to develop or refine business resiliency plans in response to the pandemic.
“COVID-19 has delivered a crash course in agility for organizations of all stripes,” said Mike Gaumond, senior vice president and general manager, Connected Workforce at Insight.
“The pandemic accelerated the long-brewing shift from an on-site to dispersed workforce and forced companies to reckon with their technology shortfalls. The businesses that have adapted successfully are the ones that kept an eye on the horizon.”
You cannot enable remote work without managing it, as well
About half (49%) of survey respondents said their IT priorities were very impacted by the pandemic. When asked to share their top priorities before and after the pandemic, although equipping remote workers has been an essential initiative, managing that infrastructure grew in importance more than other priorities for IT professionals.
However, no IT initiative took precedence over security – half of respondents cited improving data and network security and recovery as a top 3 priority both before and after COVID-19.
Technology will be central to employee safety today and tomorrow
Just as technology – and the professionals charged with managing it – has been essential to helping employees stay connected and productive during extended stay-at-home orders, it also will play a critical role in bringing employees back into the workplace.
According to the survey, IT departments are very focused on investing in technologies that will help protect employee health:
- 58% plan to invest in smart personal hygiene devices, such as connected hand sanitizer stations
- 36% plan to invest in contactless sensors
- 35% plan to invest in infrared thermometers
- 25% plan to invest in thermal cameras
In addition, one-third said they are considering an Internet of Things ecosystem that allows them to aggregate and analyze all of the inputs they gather from these devices.
In today’s new normal, 79% expect IT to take on a greater role within their organization than prior to the pandemic. 65% believe their company is now “very” or “extremely prepared” to handle a situation similar to COVID-19 from an IT perspective. Yet 65% cited business continuity planning or the ability to work remotely as their biggest lesson learned from the impact of COVID-19.
“Now that the initial shock has passed, enterprises are starting to think about how to re-establish a sense of routine. Are the changes they made a few months ago right for their organization moving forward, or do they need to re-evaluate how to shore up new vulnerabilities, improve efficiencies and reduce expenses in the long run?” said Matt Jackson, VP, Digital Innovation at Insight.
“Making continued investments in ‘what’s next’ – from AI to virtual workspaces – has only taken on heightened importance in this new world of digital engagement.”
The situation only slightly improves looking ahead to 2021, with 84% expecting a continued impact. And 74% of respondents expect a second wave of COVID-19 impact, with 51% planning to move more applications to the cloud to prepare for it.
Cloud adoption accelerating for some, slowing for others
The impact on businesses’ cloud adoption plans – with 40% currently accelerating their move to the cloud – has led to increases across a range of related decisions as companies prepare for future COVID-related shutdowns. When asked to select all that apply, the top choices on this topic were:
- 51% are planning to move more applications to the cloud
- 39% expect to be 100% in the cloud
- 32% are starting a move to the cloud
On the flip side, 24% of all respondents said they are slowing down their move to the cloud because of COVID-19’s impact. The U.S. indicated the highest percentage of slowing (36%), while the U.K. had the lowest (12%).
Specific to cloud databases, when asked what would prevent them from going “all-in” (choosing all that apply), the results showed:
- Security: 73%
- Price: 46%
- Compatibility: 45%
- Scalability: 35%
- Migration: 33%
- Lack of multi-cloud offering: 21%
With 74% of respondents expecting new challenges because of a second wave of the pandemic, technologists are implementing a variety of technology changes to prepare for future shutdowns.
- The two strategies being implemented most are (choosing all that apply): Set up remote access for all employees (57%) and move more applications to the cloud (51%).
- 46% of respondents are implementing “forever” work-from-home (WFH) strategies.
- European respondents favor implementing remote access setups and permanent WFH strategies as the top two priorities to combat the fallout from the pandemic.
- U.S. respondents agree on the top priority of favoring remote access setups, but differ on the second priority, indicating that moving applications to the cloud was #2.
In-person technology events – see you next year
One of the early consequences of the COVID-19 pandemic was the cancellation of in-person corporate and technology events. While an overwhelming number of respondents miss these in-person events, 70% said the earliest they would consider attending an in-person technology event would be in 2021.
- 73% of respondents indicated missing corporate and technology events “very much” or “extremely.”
- 26% of respondents would consider attending an in-person technology event this year (2020), while 70% indicated the earliest they would attend would be in 2021.
- U.S. respondents were more evenly split compared to Europeans. In the U.S., 41% said they would consider an in-person event this year while 58% said next year would be the earliest.
- 95% of respondents will change their ongoing technology event behavior as a result of COVID-19, with 25% saying they will only attend online events, 69% attending more online events, and 1% not attending any events at all.
Digital transformation has tipped from buzzword to baseline in the middle market, and not a moment too soon. As the COVID-19 pandemic threatens the health of people and businesses across every sector, middle market companies that have built resiliency into their business through digital transformation have more tools to endure disruption.
The good news: BDO’s survey, which polled 600 C-level executives, finds that 100% of respondents are currently implementing a digital transformation strategy or are in the process of developing one.
However, with virtually all businesses planning for digital transformation and a challenging economic climate ahead, the stakes are higher than ever.
“But now more than ever, it’s critical to continue developing digital capabilities that enable success for both the present and future. Deploying digital initiatives strategically can help protect revenues and identify unmet customer needs.”
While the pandemic has likely shifted short-term business objectives to focus on operational efficiency and effectiveness, in the long term, middle market executives say that the top objectives for their digital strategy are diversifying revenues and modernizing IT infrastructure.
Middle market companies point to four key value drivers of digital transformation.
Enhanced operational efficiency: A majority of C-level executives (58%) say increasing operational efficiencies is a top short-term business goal. Adapting to change and volatility in this environment requires greater agility and urgency, and the ability to do more with less.
Breaking down artificial barriers within an organization can help integrate processes with the flow of information, which enables better collaboration and decision-making.
Stronger digital resilience: As millions shift to remote work, pivot production to new sites and double down on digital revenue streams, cyber threats are escalating. With the stakes for digital resilience high, a plurality of executives (39%) cite cyberattacks as their top digital threat and 59% say bolstering cybersecurity is one of their top short-term business goals.
Improved customer experience: Businesses will fight to preserve revenue during this period of economic disruption, and customer retention can be the difference between sustaining through the crisis and not.
As customer behaviors shift, digital transformation can help provide customers with better service and, perhaps more importantly, identify unmet needs. This will be essential to staying relevant in a dynamic market. 68% say improving customer experience is their top short-term business goal, and 22% cite it as their #1 digital priority.
Revenue opportunity: Cash flow is now a critical challenge for many middle market companies, but digital transformation can help them protect and increase revenue.
As companies adapt their approach to priority goods and services and identify opportunities for growth in the new market, data-driven planning and innovation is critical. In the long-term, diversifying revenue is companies’ most-cited business objective.
Digital transformation roadblocks
With digital transformation in the works across the middle market, the devil will be in the details. C-level executives are up against several challenges.
Crisis: For many organizations, the pandemic’s impact on their employees, suppliers and customers makes it an existential business threat. But bracing and hoping for a “return to normal” rather than responding and adapting for resilience risks obsolescence.
This crisis should serve as the catalyst for accelerating digital transformation and adoption across an organization, as well as increasing the willingness to experiment, learn and scale within a compressed timeframe.
Change management: The data is clear—a robust change management plan can make or break a digital initiative. Middle market companies point to lack of skills or training (41%), employee pushback (30%), poor communication or project management (28%) and lack of leadership or vision (28%) as top reasons for digital efforts failing.
Change readiness is a function of culture, commitment and capacity to meet the objective and see it through. In a time of competing priorities, systemizing an approach to change management is more essential to organizational agility than ever.
Cash flow: C-level executives point to budget and resource constraints as a top challenge to moving forward with a new digital initiative. However, even as priorities shift to adapt to the new market, the case for digital spending is growing, not shrinking.
Leaders of digital transformation will need to make the business case for how spending on digital initiatives can help preserve revenue and capital to make the entire business more resilient.
Having a robust digital strategy is no longer a differentiator for banking, insurance and asset management industries. According to the survey, execution is essential.
In a new market, finance executives are shifting their digital strategy towards initiatives that provide a seamless customer interaction, address unmet needs and shore up cybersecurity protections to safeguard data.
Telehealth and digital-enabled care have reached a tipping point in healthcare’s response to the pandemic. As consumer care needs evolve, the survey shows that the era of value-based care has arrived in full force and healthcare organizations are focused on agility, ensuring better upstream and downstream care coordination and reimagining the drug and medical supply chain to improve care.
As COVID-19 makes the business case for Industry 4.0 an imperative, manufacturers that have led in innovation are better poised to weather today’s storms. This is not lost on manufacturers: One-third are currently implementing their Industry 4.0 strategy, up from just 5% in 2019, according to the survey.
Retailers have long been champions for digital innovation and transformation. Today, it’s a requirement for both success and agility amid brand new customer behavior and changing needs.
Retailers are transforming with intention to keep pace with the “Amazonification” of the retail ecosystem. They are especially focused on improving the customer experience to attract and retain interest from the uptick in homebound consumers shopping online.
Middle market technology companies are helping to enable resilience across multiple sectors, but must also build up internal efficiency and security to meet the moment. For technology companies, there is a balance between risk and innovation as they refocus on infrastructure, ethics, and reliability to navigate new regulation and enhance trust with consumers.
Mid-market power generation companies must navigate COVID-19’s impacts and ensuing economic fallout by lowering production costs and boosting operational efficiencies, while simultaneously improving the speed and reliability of service as they move toward cleaner energy sources.
The survey finds they are focusing their technology spending on driving operational efficiencies and adopting new business or revenue models.
Technology executives, C-suite leaders and senior executives in areas such as IoT, DevOps, security, and embedded development—from both the U.S. and China are realigning their focus during the COVID-19 pandemic, Wind River reveals.
Seismic events can disrupt our focus and thinking and force reassessment of drivers of future business success. The current pandemic is one of those major events producing a worldwide impact, especially given its reverberations on the two largest global economies, the U.S. and China.
Looking inside the minds of technology executives in major sectors such as telecommunications, healthcare, automotive, aerospace, and manufacturing/industrial provides a view into how leaders are redirecting their focus and accelerating or delaying investments.
The report surveyed 400 senior-level technology executives from the U.S. and China at enterprises with revenues ranging from $100 million to $1 billion.
Most are focusing on surviving the crisis
With COVID-19–related challenges creating new pressures, enterprises are rapidly falling into the categories of simply surviving, pivoting to adapt to new realities, or doing nothing.
While the U.S. and China are in different phases of the pandemic, in several aspects the responses from each country split in similar ways. More than 1 in 3 executives—39% of U.S. and 43% of Chinese leaders—are focusing on surviving this crisis, while 35% in the U.S. and 33% in China are spurred to make a transformation due to COVID-19.
The enterprises focused on transforming have a much higher propensity to accelerate key technology investments compared to those who are merely surviving. Those with a desire to digitally transform are placing 50%+ extra focus on key investment areas such as 5G, containers, and cloud native.
Technologies to focus on
The research findings among these leaders indicate that they understand the core technology components that will be vital for digital transformation. For these enterprises, executives are increasing spend in the following areas:
- 5G projects: by 63% in China, 37% in the U.S.
- Cloud-based application development: by 62% in China, 35% in the U.S.
- AI: by 61% in China, 37% in U.S.
- Container-based development: by 56% in China, 38% in U.S.
- IoT: by 60% in China, 33% in U.S.
- Applications at the edge: by 57% in China, 25% in U.S.
Executives placing more importance on DevOps
As enterprises have had to implement changes to their business processes due to the pandemic, 98% in China and 90% in the U.S. note that their ability to meet customer demands has been impacted. Given recent needs, the interest in growing DevOps practices has risen across enterprises, with executives now placing more importance on DevOps (46% in U.S., 36% in China).
Regardless of region, most enterprises realize that the road ahead will be tough. Fifty percent of enterprises in the U.S. and 77% in China are seeing heavier workloads across their teams. They also anticipate the need to implement major initiatives such as accelerating new business models (83% in U.S., 89% in China) and building in more agile development (82% in U.S., 86% in China).
Transformative focus and skills are required
To tackle these challenges, there is a clear recognition among leaders that they will require transformative focus and skills. Therefore, in order to successfully lead a digital transformation, C-suite leaders and executives in DevOps/DevSecOps and IoT anticipate increased importance in their roles (ranging from 60%+ in the U.S. to 73%+ in China) as their businesses exit COVID-19.
As the world grapples with the disruption caused by COVID-19 and enterprises begin to understand major gaps and the resources required to deliver on customer needs, they must identify the right strategies and experts to help them accelerate a digital transformation and realize long-term success beyond the pandemic.
Unexpected downtime is a major challenge for SMBs today. The IT systems of nearly a quarter of SMBs have gone offline in the past year, according to a research from Infrascale.
SMBs said the downtime creates business disruption and decreases employee productivity. 37% of SMBs in the survey group said they have lost customers and 17% have lost revenue due to downtime.
“Customer retention is essential for business success,” said Russell P. Reeder, CEO of Infrascale. “It can cost up to five times more to attract a new customer than to retain an existing one, and when customers leave, businesses lose out on vital profit and operational efficiencies. Especially in today’s competitive environment, it’s challenging enough to retain customers. With all the cost-effective solutions available, downtime shouldn’t be a reason for concern.”
19% of SMBs admit that they do not feel their businesses are adequately prepared to address and prevent unexpected downtime. Of those SMBs that said they feel unprepared for unexpected downtime, 13% said they do not feel their business is prepared for unexpected downtime because they have limited time to research solutions to prevent downtime.
28% attributed not feeling prepared for unexpected downtime due to IT teams at their organization being stretched. The same share (28%) said they don’t think their business is at risk from unexpected downtime. Yet 38% of SMBs said they don’t know what the cost of one hour of downtime is for their businesses.
The research is based on a survey of more than 500 C-level executives at SMBs. CEOs represented 87% of the group. Most of the remainder was split between CIOs and CTOs.
Downtime can prompt valuable customers to head for the exit
“Customers today are extremely demanding,” said Reeder. “They are intolerant of delays and downtime.”
Thirty-seven percent of the SMB survey group admitted to having lost customers due to downtime issues. This problem was especially pronounced among business-to-business entities; 46% of B2B businesses have experienced such a loss. As for business-to-consumer SMBs, 25% said they have lost customers due to downtime problems.
Downtime also leads to business disruption and loss of productivity and reputation
Loss of customers and revenue are just two of the downsides of IT system-related downtime. Downtime also can hurt employee productivity and adversely impact a company’s reputation.
SMBs said the biggest downtime risks are business disruption (29%) and decreased employee productivity (21%). As noted above, 17% have lost revenue. Reputation impact (16%) and cost (13%) came in next.
Software failure (53%) and cybersecurity issues (52%) are the most common causes of the downtime that creates these business challenges. A significant but far smaller share of the SMB survey group blamed downtime on hardware failure (38%), human error (36%), natural disaster (30%), and/or hardware theft (24%).
SMB downtime may not last long, but it is still costly
10% of SMBs said their per-hour downtime cost was more than $50,000. Thirteen percent said their per-hour downtime cost was between $40,001 and $50,000.
25% of SMBs said the per-hour cost of downtime for their business was between $20,001 and $40,000. A slightly larger share (26%) said they incur a loss of $10,000 to $20,000 for each hour of downtime, while 27% said their cost of downtime per hour was under $10,000.
The good news is that the survey group indicated downtime typically lasts for minutes instead of hours. 22% of the survey group said their downtime events typically last anywhere from five to 15 minutes.
Just 17% of the group said their downtime commonly stretches on for 15 to 30 minutes, and another 17% said an hour. Just 6% said over an hour.
“The downtime duration results may seem reassuring, but in today’s challenging and fast-moving business environment, every second counts,” said Reeder. “Even if your company was down for minutes, just think of the reputational damage it can cause as well as real costs when data cannot be recovered. There is really no excuse these days for not backing up your data.”
Despite the many downsides of downtime, some SMBs remain unprepared
19% of the B2B survey group said they do not feel their business is prepared for unexpected downtime, and B2C organizations feel even less prepared. 27% of B2C survey participants said they believe their business is unprepared for unexpected downtime.
“These survey results illustrate that there’s plenty of room for improvement when it comes to business uptime,” Reeder added.
“Organizations can benefit from application and server backup, ransomware mitigation, disaster recovery as a service (DRaaS), encryption, and state-of-the-art endpoint protection. Investments in such solutions enable them to avoid downtime and enjoy business continuity, which are essential for a growing and thriving business.”
The total number of publicly reported breaches in Q1 2020 has decreased by 42% compared to the same period last year, Risk Based Security reveals.
Publicly reported breaches in Q1 2020 drop dramatically compared to 2019
Despite this, the number of records exposed for this quarter skyrocketed to 8.4 billion – a 273% increase compared to Q1 2019, and a record for the same period since at least 2005, when detailed reporting began.
“Although the total number of publicly disclosed breaches in Q1 2020 dropped dramatically compared to 2019, this should not be interpreted as a decline in breach activity,” commented Inga Goddijn, Executive Vice President at Risk Based Security.
“We observed two factors driving this change. First, a large number of illicit data leaks and dumps were identified in early 2019, resulting in a temporary spike in activity. Similar spikes had been captured in the fall of 2018 and 2017, but this trend was absent from the start of 2020.
“The second factor is the disruption triggered by COVID-19. As the virus spread, so did a decline in breach disclosures. The turmoil that the pandemic has brought has created a unique opportunity for malicious actors and a stressful environment primed for mistakes.
“Once the dust settles, we anticipate the number of reported breaches will be on par with, if not exceed, 2019.”
A misconfigured ElasticSearch
The report explores in further detail how the pandemic, and the ensuing economic impact, has laid the groundwork for successful cyber attacks.
“The increase in records compromised was driven largely by one breach; a misconfigured ElasticSearch cluster that exposed 5.1 billion records. But even if we adjusted for this incident, the number of records still increased 48% compared to Q1 2019” commented Inga Goddijn, Executive Vice President at Risk Based Security.
“On average, hacking exposed an average of approximately 850,000 records per breach and most breaches originated from outside the organization. We are continually finding that simply meeting regulatory standards or contractual obligations do little to actually prevent a breach from occurring.”
Directly after the WHO declared COVID-19 a global pandemic, an estimated 16 million US employees were sent home and instructed to work remotely, while governments around the world implemented widespread school closures impacting over 90 percent of the world’s student population, Absolute reveals.
This result placed IT and security teams under immediate pressure to quickly stand up work-from-home or learn-from-home environments to ensure continued productivity, connectivity, and security.
“COVID-19 marks the beginning of a new era where we believe the nature of work will be forever changed,” said Christy Wyatt, President and CEO of Absolute.
“As this crisis took hold, we saw our customers mobilize quickly to get devices into the hands of students and employees and navigate the challenges of standing up remote work and distance learning programs. What has become resoundingly clear is there has never been a more critical time for having undeletable endpoint resilience.”
Sensitive data is building up on enterprise devices
There has been a 46 percent increase in the number of items of sensitive data – such as Personally Identifiable Information (PII) and Protected Health Information (PHI) – identified on enterprise endpoints, compared to pre-COVID-19. Compounded by the pre-existing gaps in endpoint security and health, this means enterprise organizations are at heightened risk.
Enterprises at heightened risk of data breaches or compliance violations
On average, one in four enterprise endpoint devices have a critical security application (anti-malware, encryption, VPN, or client management) that is missing, inactive or out-of-date.
With the significant increases in sensitive data being stored on enterprise endpoint devices, enterprises are putting themselves at risk of legal compliance violations and data breaches as COVID-19 cyber attacks accelerate.
Employee and student device usage continues to rise post-pandemic
The data shows a nearly 50 percent increase in the amount of heavy device usage – 8+ hours per day – across enterprise organizations, jumping to an increase of 62 percent in heavy education device usage. The average number of hours education endpoint devices are being used daily is also up 27 percent.
Patch management plaguing both enterprise and education IT teams
Device health sees slight improvement, but patch management continues to plague both enterprise and education IT teams. The average enterprise endpoint device running Windows 10 continues to be nearly 3 months behind in applying the latest patch, with that delay spiking to more than 180 days since a patch has been applied to the average student Windows 10 device – leaving students and employees vulnerable.
A surprising 51 percent of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to rising cybersecurity attacks during COVID-19, according to ISACA. Additionally, 59 percent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively.
This presents a problem, as 58 percent of respondents say threat actors are taking advantage of the pandemic to disrupt organizations, and 92 percent say cyberattacks on individuals are increasing.
Remote work increasing data protection and privacy risk
While 80 percent of organizations shared cyber risk best practices for working at home as shelter in place orders began, 87 percent of respondents still say the rapid transition to remote work has increased data protection and privacy risk.
“Organizations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” says ISACA CEO David Samuelson.
“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education.”
More than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries have been surveyed in mid-April to assess the impact of COVID-19 on their organizations and their own jobs.
Concerns about the wider impact
Most of these professionals believe their jobs are safe. Ten percent think a job loss is likely and 1 percent has been furloughed. However, while their own positions are stable, respondents are still extremely concerned about these wider impacts of the novel coronavirus:
- Economic impact on my national economy (49 percent)
- Health of family and friends (44 percent)
- Personal health (30 percent)
- Economic impact on my organization (24 percent)
The negative effects
While respondents report being highly satisfied with their organization’s internal communications, business continuity plans and executive leadership related to COVID-19, their organizations have not been able to avoid the negative effects, including:
- Decreased revenues/sales (46 percent)
- Reduced overall productivity (37 percent—more executives than practitioners think this is the case)
- Reduced budgets (32 percent)
- Supply chain problems (22 percent)
- Closed business operations (19 percent)
The majority of respondents expect normal business operations to resume by Q3 2020.
“It’s hard to predict what ‘normal’ will look like in the short term,” said ISACA CTO Simona Rollinson. “What we do know is that tech professionals, including the IT audit, risk, governance and security professionals in our community, are more necessary than ever to their enterprises, and they are well-positioned to adapt and even thrive, regardless of what changes may be in store.”
64 percent of workers in the U.S. say their quality of work has improved amid the disruptive impact of COVID-19, according to KPMG.
They also reported better collaboration (70 percent) and that their team has effectively adapted to working together (82 percent) during this time.
“There is a mutual resiliency and commitment between organizations and their employees that’s resulting in improved connectivity and productivity,” according to Paul Lipinski, KPMG‘s Human Capital Advisory leader.
“During times of uncertainty, like now, it is more important than ever to make sure employees not only understand their role and responsibilities, but also that they feel recognized and appreciated for what they do.”
Quality of work has improved: Embracing new tools
Fifty-nine percent of American workers indicated that they had adequate resources to do their job remotely, and they also reported that their team is effectively using technology to communicate (87 percent).
American workers also indicated that they have concerns about the future. Sixty-three percent are concerned about reduced pay, and more than half are concerned about job loss (57 percent) and the future of their industry (56 percent). Forty-four percent expressed concern about technology replacing their job.
“Employees have demonstrated a welcome willingness to embrace new tools and work arrangements,” Lipinski added. “As technologies such as artificial intelligence continue to reshape the world of work, and employers inevitably shift their focus from resilience to recovery, it will be incumbent upon them to ensure employees’ skillsets keep pace and that their workforce has the learning ecosystem and flexibility needed to adapt to the change ahead.
Investing in quality relationships with employees
Companies that invest in quality relationships with their employees and effectively communicate their value will witness better collaboration and productivity among their workforce than those that do not.
Of the 75 percent of respondents who indicated their companies made them feel valued, 60 percent reported an improved level of productivity (versus 37 percent who did not). Respondents who felt valued also indicated better team collaboration (75 percent) versus those who did not (55 percent).
“Organizations should focus on maintaining and improving their employees’ experience to keep them engaged and motivated as new workplace realities are accommodated,” said Lipinski. “When employers emphasize employee value, the more likely those employees will be collaborative and productive in a volatile environment.”
Preventing burnout in leadership ranks
Overwhelmingly, 96 percent of upper-level management reported their commitment to their companies, along with 87 percent of middle-management.
However, those in management roles reported having a harder time adapting in comparison to non-management respondents, indicating that their job is more demanding now (67 percent versus 50 percent), work/life balance is more difficult (63 percent versus 47 percent), and work is overwhelming (55 percent versus 39 percent).
“To address and prevent burnout in leadership ranks, organizations should reestablish expectations and resourcing for top-level leaders, making sure they have everything they need to do their jobs and manage their emotional and psychological challenges,” Lipinski indicated. “They should also take note of critical roles and ensure a succession plan is in place.”
A five-phase strategic and systematic approach to strengthen the resilience of organizations’ current business models is key to business continuity during the coronavirus pandemic, according to Gartner.
“Companies tend to have traditional business continuity strategies and plans that focus on the continuity of the resources and processes but omit the business model,” said Daniel Sun, research vice president at Gartner. “However, the business model itself can be a threat to continuity of operations in external events, such as the global outbreak of COVID-19.”
CIOs can play a key role in the process of raising current business model resilience to ensure ongoing operations, since digital technologies and capabilities can influence every aspect of business models.
Phase 1: Define the business model
Facing the contingency of COVID-19 outbreaks, companies should first focus on their core customers that are essential to their continuity of operations, and then refer to a process of defining their current business models by asking questions focused on their customers, value propositions, capabilities and financial models.
Although CIOs do not normally lead the process of defining business models, they should proactively engage with senior business leaders to run through 10 key questions regarding current business models. This is foundational for CIOs to actively participate in modifying current business models.
Phase 2: Identify uncertainties
This step can be carried out through a strength, weakness, opportunity and threat (SWOT) analysis, or by brainstorming. Given the wide range of uncertainties and threats, this step can benefit from a heterogeneous group of participants with diverse backgrounds and interests, particularly where IT is normally involved.
Companies should focus on the risks that the uncertainty poses to the components of the business model.
“CIOs should participate in, or coordinate, the brainstorming sessions to identify any uncertainties from COVID-19 outbreaks,” said Mr. Sun. “CIOs can share some of IT’s potential uncertainties and threats, such as issues with IT infrastructure, applications and software systems.”
Phase 3: Assess the impact
Multidisciplinary members should form a project team to assess, or even quantify, the impact of the identified uncertainties. CIOs can provide the potential impacts from an IT perspective.
Phase 4: Design changes
At this point in the process, the emphasis is to develop tentative strategies rather than estimate their feasibility. Selecting and executing changes will follow in the next phase. CIOs and IT should leverage digital technologies and capabilities to facilitate the designed changes.
Phase 5: Execute changes
The decision on which changes to execute is principally a decision for senior leadership teams. The strategies for changes defined in Phase 4 provide essential input for this decision process. Senior leadership teams should select the strategies they feel most compelling to implement, which is often based on both economic calculations and intuition.
“Once senior leadership teams select the business and IT change initiatives, CIOs should apply an agile approach in executing the initiatives. For example, they can form an agile (product) team of multidisciplinary team members, enabling the alignment between business and IT and ensuring delivery speed and quality,” said Mr. Sun.
“In crises such as the COVID-19 outbreak, agility, speed and quality are crucial for enabling the continuity of operations.”
88% of organizations have encouraged or required employees to work from home, regardless of whether or not they showed coronavirus-related symptoms, according to a Gartner survey of 800 global HR executives.
Nearly all organizations (97%) have canceled work-related travel, more than an 80% increase since March 3.
“As the COVID-19 crisis disrupts organizations across the globe, HR leaders must respond quickly and comprehensively, considering both immediate and long-term talent consequences,” said Brian Kropp, chief of research for the Gartner HR practice.
How organizations are addressing coronavirus-related absences
The survey shows that organizations, trying to balance employee needs with financial realities, are employing a variety of approaches to time-off policies in response to COVID-19. Nearly half (48%) of employers require employees to use sick leave first, then vacation leave and finally potential PTO for coronavirus absences.
Twenty percent of organizations increased PTO for individuals who are sick and/or caring for a sick family member; 18% of organizations have granted additional PTO for parents who are caring for children whose schools are closed.
“Our research shows that only a minority of employers plan to downsize or ask employees to take unpaid leave,” added Mr. Kropp. “Instead, most organizations are focusing on measures such as more effective use of technology and freezing new hiring to cut costs.”
Organizations are employing several cost-cutting measures
The survey shows that most employers plan to cut costs while minimizing impact to pay for existing employees when possible. Seventy percent of organizations report that the main cost-cutting measure they plan to use is more effective use of technology. Nearly half of organizations plan to freeze new hiring.
A greater percentage of organizations plan to reduce work for external partners rather than employees — one-fifth of organizations plan to stop or limit consultant spend and/or reduce the number of contract workers. Only 10% of employers plan to reduce working hours, and just 6% report asking employees to take unpaid leave.
To manage remote talent during the COVID-19 crisis, there are recommendations for HR leaders.
Provide direction, confidence and resilience
Employees are relying on leaders at all levels of the business to take action and set the tone. Communications from senior business leaders to managers should prioritize associate health and business sustainability.
Communicate regularly with employees, maintaining an open dialog. The survey found that 56% of organizations have communicated a plan of action to employees in the event the COVID-19 outbreak.
Contextualize coronavirus for the organization
Leaders should be a trusted source for accurate and up-to-date information on coronavirus and how it is impacting the organization. Avoid sharing information from social media; leverage trusted resources such as the World Health Organization and the Centers for Disease Control and Prevention.
Contextualize information and data as much as possible so that it specifically relates to the organization.
Encourage intentional peer-to-peer interactions
With reduced or no face time in the office, employees should maintain regular professional and personal interactions with their peers. The survey found that 40% of organizations have set up additional virtual check-ins for employees with managers and 32% of organizations have introduced new tools for virtual meetings.
HR leaders should encourage employees to leverage communication platforms they already use, either at work or in their personal lives, to create new ways to work together.
Establish team guidelines
Remote work looks different for each employee depending on their needs and those of their families. With unprecedented school closures, many employees must take on a double role as they support their children and families throughout the workday.
Organizations can meet employees’ needs by empowering teams to adapt to their conflicting time demands. For instance, teams can set “core team times” when all team members are available to collaborate.
Provide flexibility for employees’ remote work needs
When preparing for employees’ eventual return to the office, empower employees to make choices best suited for their needs and comfort levels. Where possible, allow employees to decide when to return to the office.
Enable essential employees whose work requires them to return to the office to choose the hours that work best for them to return to avoid peak commute times.