Over 1,000 CXOs were asked about the effects of COVID-19 on enterprise and government organizations in a recent global study done by Tanium. 90 percent of those executives surveyed said they experienced an increase in cyberattacks due to the pandemic. But at the same time, a greater number of the respondents, 93 percent, said they had to delay key security projects in order to work on the transition to remote work forced by the pandemic.
The study done in June of 2020, polled executives in companies with over 1000 employees from across the United States, United Kingdom, France, and Germany, and focused on how organizations are adapting to remote working, and how they are planning for what happens once the pandemic is over. The results found that in responding organizations, in addition to facing increasing cyber attacks, 98 percent said they experienced security challenges within the first two months of the pandemic.
In addition to most executives saying they had to delay security projects, another one of the troubling effects of the pandemic were around patching and updates. 43 percent experienced difficulties patching remote workers’ personal devices, exposing their organization to risk. A quarter (26 percent) admitted to effectively side-lining this vital IT security best practice. This is troubling because another report found that 60 percent of breaches could have been prevented by patching and updating software.
The results of this study should be troubling for any security executive. With the increase in cyber attacks and the advanced nature of these threats, including those that attack web applications, organizations should be re-evaluating their approach to security, rather than delaying security projects. While many organizations should be concerned about the security around the personal devices accessing the corporate network and data, they still need to ensure the systems available from the cloud are protected using system and network based security.
Every organization should have a security framework that offers a defense-in-depth architecture. For those that can take the time to improve their security, maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.
RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications, while at the same time using minimal resources and adding negligible latency to an application. K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you protect your applications, and check out K2’s web application and application workload security solution and evaluate K2’s effectiveness at detecting and protecting your organization from attacks.