Tanium Research Underscores Security Gaps Exposed By, Created During COVID-19Tanium Research Underscores Security Gaps Exposed By, Created During COVID-19
Once again, MSSPs are ideally suited to identify and address these issues.
July 31, 2020
With no end to COVID-19 in sight, 85% of executives predict their organizations will feel the negative effects of the pandemic for months. Most (70%) say successfully implementing long-term home IT for remote workers will prove difficult for three main reasons. They are compliance regulations (26%); cybersecurity risk management (25%); and balancing employee privacy with cyber risk mitigation (19%). That’s all according to another in a series of vendor-commissioned reports, this one from Tanium, which provides unified endpoint management and security.
Of course, those challenges come on top of those IT leaders already were trying to untangle before the pandemic hit.
For example, 71% of IT departments said that, every week, they were finding IT assets they didn’t know about or have in their inventories. IT ends up paying for items it doesn’t know it owns, which affects budgets. It also misses the opportunity to secure these devices and applications, which exposes the organization to more threats. Indeed, most IT chiefs (53%) cited this last gap as a primary concern, according to Tanium’s report, When the World Stayed Home, released in late July.
Tanium’s Chris Hodson
The reality is, shadow IT has only grown more pervasive during COVID-19. As organizations made sudden shifts to remote work, employees were cobbling together their own tools to remain functional. This led to the use of unsecured, consumer-grade resources that increased cybersecurity risk. Plus, shadow IT has inflated IT spending. As the pandemic continues, hurting the economy and inviting cyber breaches, IT departments must have full visibility into their environments. MSSPs rank among the partners best positioned to handle both security and spending oversight on behalf of customers.
“An MSSP cannot measure what they don’t manage,” Chris Hodson, global CISO at Tanium, told Channel Futures. “If users are running business applications on personal devices, for example, how does the MSSP provide visibility and control of the assets?”
Roy Duckles, MSP sales and program lead at Tanium, agreed.
Tanium’s Roy Duckles
“With the advent of home working on such a large scale and over such a short time period, MSSPs found that many of the point solutions they relied on were unable to discover, track or identify where company assets now lived,” Duckles told Channel Futures. “This caused serious problems for ensuring that remote assets accessing the corporate IT environment were secure and trusted, and were compliant.”
Hackers Continue Capitalizing on Pandemic Fears
To the point about security, it shouldn’t be surprising that 90% of respondents have seen an increase in attack frequency. Bad actors continue to capitalize on COVID-19 fears and changes — to the tune of 30% more threats than usual, according to Tanium’s findings. This makes IT’s job even harder. On that note, CXOs identified their three biggest security challenges for Tanium:
Visibility of new devices (27%). Nearly half (45%) of these respondents said they will prohibit personal devices on corporate networks from now on.
Overwhelmed IT capacity due to VPN requirements (22%). As Tanium noted, failing VPNs can make patching problematic. They can force IT teams to abandon routing employee traffic through corporate security controls.
Greater security risks from video conferencing (20%). This finding speaks for itself, especially with rampant “Zoombombing” example.
COVID-19 Took Focus Off Security Projects in Motion
The onset of the pandemic not only created new problems, it interrupted IT security projects organizations were just starting. To that end, 93% of executives told Tanium they have had to cancel or delay security priorities to accommodate the transition to remote working. They said the biggest impacts were on identity and access management, along with security strategy work (coming in at 39% and 40%, respectively).
According to CXOs and VPs, security concerns now rank as …
… their main challenges in accommodating a distributed workforce and associated digital transformation — more important than budget, support from the board of directors, and talent or expertise, Tanium said. If left unmanaged, security could pose a major financial and reputational risk to organizations. Once again, MSSPs are in an ideal position to identify and address these issues.
“Often MSSPs work closely with customers on the construction of strategy,” Hodson said. “Perhaps incident response processes needed to be improved as a pre-pandemic priority, or, identity and access management controls. Neither of these are directly enabling remote working per se, which could be an issue.”
Duckles said MSSPs have “a real opportunity” in front of them.
“MSSPs should recognize that they have the ability, with the right tools, to discover, manage and secure all endpoints, and provide the assurance to their customers that cybersecurity threats are negated,” he said.
For his part, Hodson recommends MSSPs apply security controls to all corporate devices and services. They should also test IR processes against large-scale, distributed working models. In addition, he said, “threat modeling needs to occur based on a revised, intensified attacker profile — compounded by a higher volume of unpatched, unmanaged workstations.”
Tanium turned to an outside research house for When the World Stayed Home. Its report stemmed from interviews with 1,004 CEOs, CIOs, CTOs and VPs in the U.S., U.K., France and Germany. Each of the organizations shifted to a distributed workforce during COVID-19 and employs 1,000 or more people.
Read more about:MSPs
About the Author(s)
You May Also Like