Most UK Firms Admit #COVID19 Cloud Security Threat

Most UK firms are set to increase digital adoption after admitting that the cloud saved their business from collapse during the early months of the COVID-19 crisis, but security remains a persistent challenge, according to new research.

Identity management vendor Centrify surveyed 200 business decision-makers in large and medium-sized UK firms in September, in order to assess the impact of the pandemic on IT organizations.

It found that 51% claimed that transitioning to a cloud-based business model helped to keep the business afloat after the government-mandated mass remote working during the first lockdown.

However, in so doing, the shift also exposed major gaps in their cybersecurity posture: although 61% said they were ready for this challenge, 39% agreed that security risks increased.

This chimes with a separate study from Tanium which found that although 85% of global CXOs felt ready to shift to a fully remote workforce, almost all (98%) was then caught off guard by the security challenges they faced within the first two months.

Over half (56%) of the UK business leaders polled by Centrify claimed that remote working has made it harder to identify attempts to impersonate staff, presumably via BEC attacks and phishing emails.

An additional 51% said the new model of distributed working has led to an increase in ‘insider’ threats, such as employee accounts that are hijacked by attackers.

Fortunately, 60% of respondents said they are now more aware of the risks facing their organization following the spike in phishing attacks over the past few months. They will need to be, as the same number (60%) said they’re planning to increase their use of cloud-based IT as the pandemic continues.

A range of security experts over the first half of the year has warned that employees working from home may be more distracted and therefore likely to click on phishing links. The threat is amplified further by the fact that their laptops or devices may be less well secured than corporate equivalents, missing vital patches, and/or used to download non-approved applications.