COVID-19 Shifts 2021 Security Spending Priorities for Businesses

Toni El Inati – RVP Sales, META & CEE, Barracuda Networks, explains the shift in 2021 security spending priorities due to the pandemic.

With IT having been a fundamental enabler of business through the pandemic, it’s no surprise that digital transformation has been accelerated, and with it, the scale and complexity of cybercrime. Attackers’ exploitation of fears around the COVID-19 pandemic highlighted just how quickly they have been able to adapt to current events. The fact that recent Barracuda research found that 72% of COVID-19-related attacks are scamming – a figure that scales down to just 36% when overall attacks are considered – demonstrates how prepared cybercriminals are to exploit lucrative opportunities and prey on susceptible victims, despite the toll that the pandemic has already had on society.

As a result, organizations have had to rethink their approach to cybersecurity in recent months resulting in new priorities and avenues for cybersecurity in 2021.

If there is one thing that the current data on cybersecurity spending indicates, it is that the emphasis on security is at unprecedented levels. According to a Microsoft’s global survey that covered nearly 800 business leaders across companies having 500 employees or more, there has been a phenomenal increase by way of security spending.

The survey also indicates that there has been a rise in phishing attacks, with 90% of the surveyed companies claiming that this attack vector poses a significant threat to their organization. Meanwhile, a recent report by Barracuda indicates that phishing is still a top threat vector for attackers because employees continue to fall for such scams. The end result for the organization could be email account takeover, data theft, or even crippling ransomware-related service outages. In an environment where employees increasingly work outside the bounds of traditional IT environments, protecting against such threats is becoming increasingly complicated for cybersecurity teams.

Consequently, as many as 80% of the 800 companies mentioned above have reinforced their cybersecurity resources, by either onboarding new employees (40%) or outsourcing operations to third-party service providers (40%). Additionally, 58% report that they have allocated more budgets towards cybersecurity, while 22% stated a budget increase of over 25 % during the pandemic in comparison to pre-COVID times. Given the nature of attacks has evolved in the last year, the majority of these investments are now being directed towards multifactor authentication (20%), endpoint device protection (17%), anti-phishing tools (16%), virtual private networks (14%), and end-user training (12%).

Cybersecurity’s Silver Lining

As things stand, there are also notable plus sides to this new wave of change. There is a mass, never seen before appreciation for IT and cybersecurity. These two topics have been taking centre stage since the onset of the COVID-19 pandemic. Much to the agitation of business leaders, every new crisis that emerges has the potential to threaten existing security infrastructure and impede business continuity.

Furthermore, the drastic evolution of work models, which was accelerated through 2020, is now on a steady and irreversible path. The rise of digital workspaces has allowed employees to work from remote locations. If current statistics are any indication, working from home will be the new norm of the corporate world. In some cases, there might be no office at all thanks to the practicability of a decentralized workspace.

The increased focus on cybersecurity and the resultant hardening of enterprises’ IT defences has meant that as workforce models changes, businesses are now better positioned to adapt, with the confidence that their most vital assets – their data and their applications – will remain secure. This flexibility gives them the ability to boldly pioneer new paths and maintain a competitive edge in the rapidly changing ‘new normal’.

Zero Trust Model, a Cybersecurity Imperative

The emphasis on cybersecurity will ultimately culminate in the widespread adoption of the Zero Trust Model. In fact, since the initial months of the pandemic, Zero Trust transformed from being a mere area of interest to a business imperative. According to Gartner: “Zero Trust Network Access improves the flexibility, agility, and scalability of application access enabling digital businesses to thrive without exposing internal applications directly to the internet, reducing risk of attack.”

Through 2021, as businesses increase their cybersecurity spending to counter the new wave of attacks, their new cybersecurity solutions will be reinforced by Zero Trust. 51% of business leaders are prioritizing the Zero Trust architecture and are expediting the implementation of the same. With business continuity so inextricably linked to the availability and security of data and digital services, it would be prudent for business leaders to ensure their organisation follows suit.