News

U.S. Enterprise Cybersecurity Survey: 89% Attacked by COVID-19-Related Malware

Never let it be said that criminals aren't quick to take advantage of a global health crisis.

VMware published results of a U.S.-focused cybersecurity survey, finding that 89 percent of enterprise respondents have been targeted by COVID-19-related malware -- enabled by the work-from-home surge.

That finding comes from COVID-19-focused research supplemental to the main report, "Extended Enterprise Under Threat," based on a survey of 250 U.S. CIOs, CTOs and CISOs. The COVID-19 follow-up questions were asked after the pandemic began to take hold, polling 250 North American respondents from March to April 2020. The increased malware threat was attributed to the huge number of employees working from home amid the pandemic.

"The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the vast majority are facing an uptick in cyberattack volumes due to employees working from home, and COVID-19 related malware is making its malicious presence felt," said the report.

Highlights of the COVID-19-related research include:

  • 88 percent of all North American respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home, a model that saw increased usage in all but one enterprise.
  • Just under a third (32 percent) recounted that attack volumes had gone up by between 25 and 100 percent with 4 percent of these stating that attacks had increased by between 50 and 100 percent.
  • 1 respondent out of 250 stated that they did not have more of their employees working from home than usual because of COVID-19 and the mean percentage increase in attacks for North American respondents excluding this one person was 19.39.

The COVID-10 research also asked about gaps in disaster recovery planning revealed by the pandemic, with "Enabling Remote Workforce" being No. 1.

What gaps did COVID-19 reveal in your company’s disaster recovery planning? (those saying very or slightly significant)
[Click on image for larger view.] What gaps did COVID-19 reveal in your company’s disaster recovery planning? (those saying very or slightly significant) (source: VMware).

"The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward," the inaugural report said. "Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees."

Meanwhile, key takeaways listed by VMware from the main survey include:

  • 92 percent of respondents said attack volumes have increased in the last 12 months.
  • 97 percent said their business has suffered a security breach in the last 12 months. The average organization said they experienced 2.70 breaches during that time.
  • 84 percent said attacks have become more sophisticated.
  • 95 percent said they plan to increase cyber defense spending in the coming year.
  • OS vulnerabilities are the leading cause of breaches, according to the survey, followed by web application attacks and ransomware.
  • U.S. companies said they are using an average of nine different security technologies to manage their security program.

"The level of attack frequency revealed in this report shows that, however fast USA businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster," the report said.

The report, based on a survey conducted by research firm Opinion Matters at the behest of VMware Carbon Black, a security cloud provider acquired by VMware last year, is available here upon providing registration information.

The report follows a recent similar study conducted by U.K.-based security company Sophos that suggests seven in 10 organizations have experienced public cloud security incidents in the last year.

About the Author

David Ramel is an editor and writer for Converge360.

Featured