How Are Your Clients Handling Social Engineering? Chances Are, Not Well
New research from MSP Electric shows where COVID-19-fueled threats are especially problematic.
Social engineering is wreaking havoc on your customers. Seventy-one percent of IT professionals responding to a recent survey say at least one employee has fallen victim to -that particular cybersecurity threat during COVID-19.
That statistic comes from the research and insights division of Electric, a New York-based managed service provider. The company just published its 2021 Cybersecurity Report. It polled IT experts responsible for between 10 and 500 employees.
Indeed, the pandemic continues to serve as a gold mine for hackers. Using social engineering tactics (phishing, spear phishing, vishing), and malware, ransomware and more, they’re taking advantage of opportunities to exploit peoples’ fears. That’s one reason why more than half (57%) of respondents told Electric they are moderately or extremely concerned about their organizations’ ability to adapt to the COVID-19 environment.
Much of the uncertainty stems from remote work. IT has less control over employee networks, equipment and apps outside of the office. That’s why a full third of IT pros told Electric they’re wary about another person having access to a staff member’s company device such as a laptop or cell phone. Another 29% are uncomfortable with workers using untrusted networks. And 17% do not like employees relying on personal messaging services for business and personal use.
Overall, the combination of COVID-19 threats and remote work has prompted almost all – 96% – of Electric’s survey respondents to change their cybersecurity strategies. The degree to which they’re doing this, though, varies. Just more than a third (34%) are making “substantial” changes, according to Electric. Sixty-two percent, meanwhile, are implementing “some” changes. Finally, 4% are not changing anything about their approaches to cybersecurity.
Time to Rethink Order of Cybersecurity Priorities?
Those findings correlate with another area Electric explored: whether respondents are taking additional precautions against problems including supply chain attacks, advanced persistent threats, cyberespionage and IP theft, all as a result of the pandemic. Thirty-four percent have done so, in a “substantial” fashion. Another 59% have taken some other steps to protect their environments. Last of all, 7% of respondents said they are doing nothing extra in terms of safeguards.
But the measures aren’t necessarily the most effective — at least not in the order in which they’re being rolled out.
For example, most respondents (55%) say they have shared a guide with employees about cybersecurity and working from home. That’s not the greatest first-priority tactic. Of interest is that IT pros don’t appear to be pursuing more constructive solutions as frequently. To that point, not quite half (44%) installed the latest patches before sending people to work from home. Just 39% have enacted multifactor authentication. Barely more than a quarter (28%) provide VPNs for staff. Only 23% have application control and content filtering, and 19% enforce a zero-trust policy.
In other words, managed security service providers, especially, can act on clients’ behalf. Given the rampant cyber threats organizations face, there’s no time to waste shoring up customers’ networks, accesses, policies and technologies. Fortunately, end users know they need to put money into those areas. More than half (56%) of respondents told Electric they will increase cybersecurity spending this year.
That last finding correlates with other industry conclusions, including from research firm Canalys and security vendor Untangle. Canalys, for its part, predicts a 10% rise in global cybersecurity outlay in 2021 alone. The total should reach $60.2 billion, between products and services, analysts said.
About the Author
You May Also Like