Corona has an impact on IT security

it-sa is Europe's leading trade fair for IT security and usually takes place in Nuremberg every October. As the most important platform for issues relating to cloud management, mobile and cybersecurity as well as data and network security worldwide, it is considered an important meeting place for anyone interested in IT security.

Unfortunately, it-sa was not spared by Covid-19 and will not take place in its regular form this year. As a replacement, the interactive dialogue platform "it-sa 365" was created. In May 2020, it-sa conducted an online exhibitor survey on the effects of the lockdown under the title "Trends and Forecasts on IT Security" in order to tailor this digital offering to the needs of the current situation.

For many people, the living and working situation has changed. Working from home poses new challenges not only for employees, but also for IT departments.

Security incidents are on the rise

The results of the first question provide an overview of the sectors in which the number of recorded security incidents has increased since the lockdown.

The striking thing here is that the sectors authorities and industry have been hit the hardest, closely followed by healthcare. Why are these three areas increasingly affected by security incidents? Unfortunately, IT security is still not sufficiently prioritised in some sectors, which means it has simply been neglected. However, outdated technology or a lack of budget can also be reasons for this.

When asked which security incidents have been reported most frequently since the lockdown, there is a clear "winner". In first place with 74%, a clear lead, spam and phishing emails. In second place with 62% malware or ransomware and in third place with 50% unauthorised access to the company network. The last places are occupied by social engineering and DDoS attacks. The coronavirus crisis is clearly having an impact on the methods used by cyber criminals. They are exploiting people's fear and uncertainty in relation to the coronavirus pandemic.

In addition to the type of attacks, the next analysis provides an overview of the possible factors why security incidents could occur:

Source: Online exhibitor survey it-sa in May 2020

The chart shows that only a few companies would have been sufficiently prepared to switch their working methods to the home office . Likewise, the general protection of IT as well as targeted employee training on the topic of security did not appear to have been sufficient.

Increased demand for products and security solutions

Are you interested in which products and services have been particularly in demand since the start of the lockdown? Here, too, the survey reveals trends:

67% VPN/remote access solutions
33% mobile security
31% Cloud security
21 % Authentication and IAM
17 % Virtualisation solutions
15 % Other

The need for new IT security solutions due to the changed situation is high. 40% of respondents stated that the budget for IT security solutions had remained the same. 21% each stated that the budget had either increased or decreased. 100% of respondents cited the proactive increase in the level of protection as the reason for increasing the budget for IT security solutions.

Implications for IT service providers

Several questions related to the postponement of IT security projects. This was the case for around 78% of the survey participants' customers. The following graphic provides an overview of the period for which IT security projects and investments were postponed.

Source: Online exhibitor survey it-sa in May 2020
85% of IT security service providers expect revenue losses in the short term due to the postponement of IT security projects. In the long term (later than 4 years), 77% see an increase again. The reasons for postponing projects vary greatly:
85% to save costs
45% due to staff shortages at the customer
43 % due to different budget prioritisation in the company
38 % due to travel restrictions
In the assessment of the immediate effects of the lockdown on the demand situation in the following sectors, the three sectors healthcare, government and industry are again at the top. Here, however, in a different order than in the question about the recorded security incidents since the lockdown.
Source: Online exhibitor survey it-sa in May 2020
Home office - use of company-owned or private devices?
The IT service providers surveyed provided an assessment of how many customers have not equipped their employees with company-owned end devices.
Source: Online exhibitor survey it-sa in May 2020
We have to admit that we expected significantly higher figures for the use of private devices. However, this also explains why 65% stated that they had NOT recorded any specific security incidents due to the use of private devices (as of May 2020). Only 35% answered "yes".
Here it should be emphasised that even 35% of security incidents due to the use of private end devices are too many and can cause enormous damage to those affected.
Max Mustermann
What are the dangers of using personal devices? The fact that...
company data is stored on private devices (76%)
the private devices are poorly protected (76%)
malware-infected devices enter the company network (69%)
the private WLAN network/DSL access is inadequately secured (65%)
there are licence problems (31%)
other reasons (2%)
Conclusion
With the online exhibitor survey on the topic of "Corona and its impact on IT security", it-sa has addressed a very serious issue and presented the results very well. The results should inspire EVERYONE - whether companies in the affected sectors or IT security service providers - to reflect and perhaps rethink.

What impact does coronavirus have on IT security?