Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/3/2020
05:07 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: Biggest Concerns About Securing Digital Infrastructure Include COVID, Unsanctioned Apps, Collaboration Platforms, Marketing Technology

New SafeGuard Cyber Poll Suggests Enterprises Should Harden Systems Against Unconventional Attack Vectors

CHARLOTTESVILLE, Va., (October 29, 2020)—SafeGuard Cyber, the only SaaS platform dedicated to managing the full lifecycle of digital risk protection driving digital communications, today announced the results of a new survey of 600 senior enterprise IT and security professionals. Companies surveyed ranged in size from $100M to more than $1BN in revenue.   

SafeGuard Cyber’s Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace wrought by COVID-19 pandemic. Respondents were asked to effectively grade their adaptations to date, articulate what gaps still exist, and how they are planning for the future. Fully 31% of respondents reported their entire business process has changed and is still evolving, while 26% said they’ve rushed certain projects that were scheduled for later.

The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies. Moreover, enterprise organizations are juggling the twin demands of budget constraints and the need to drive business outcomes.

Key findings include:

  • There is a significant disconnect and tension between the perceived security and compliance needs and the level of organizational planning. Despite perceived digital risk around unsanctioned apps, ransomware attacks, and securing various tech stacks, only 18% of respondents cite security as being a board-level concern.

  • 57% of those surveyed cited internal collaboration platforms, like Microsoft Teams and Slack, as the tech stack representing the most risk, followed closely by marketing technologies (41%).

  • 1 in 4 respondents cite Executives’ personal social media as being an area of risk.

  • The biggest security and compliance challenge is the use of unsanctioned apps (52%), followed by trying to monitor business communications in multi-regional environments (43%), suggesting global enterprises are seeing more friction in adapting processes to the new post-COVID digital workspace.

  • When it comes to purchasing new technology, 59% cite budget as the top concern, followed very closely by “impact on business outcomes” like revenue growth and agility (56%). Enterprises are juggling the twin demands of budget constraints and the need to drive business outcomes. 

“We all know the pandemic has had a seismic impact on businesses, but we were still surprised to learn how vulnerable organizations feel about the digital communications they’ve had to adopt rapidly,” said Jim Zuffoletti, CEO and Co-founder, SafeGuard Cyber. “Bad actors typically migrate to where the action is, so it makes sense digital channels are more likely to be targets than ever before. Surprisingly, marketing technologies have moved up on the list of exploits, and we’re seeing more and more attacks on organizations’ executive leaders.” 

“It’s telling that budget and business impact are top of mind when buying new technologies,” said Otavio Freire, CTO and Co-founder, SafeGuard Cyber. “As business look to 2021, leaders will need security controls that enable rather than block new communication channels in order to sustain growth. With the pandemic’s disruption to fundamental operations, simply saying ‘no’ to channels like WhatsApp or Slack is no longer an option. It’s the way business gets done.”

About SafeGuard Cyber SafeGuard Cyber is a Charlottesville, Virginia-based company with a cloud-based platform that empowers organizations to use social media and digital channels securely, compliantly, and at the scale of global business. With coverage across more than 50 channels, SafeGuard Cyber helps security, compliance, and marketing teams work better together to drive business forward. For more information, visit www.safeguardcyber.com/digitalrisksurvey.

*Poll conducted by Pollfish over a week long period in early October, 2020

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...