More than three-quarters (76%) of security leaders have reported an increase in cyber-attacks over the past 12 months, according to VMware’s Global Security Insights Report 2021.
The report also found that the volume of attempts rose by a significant 52% across all affected organizations, emphasizing how accelerated digitization during the COVID-19 pandemic has expanded the attack surface. Indeed, over three-quarters (78%) of those experiencing a cyber-attack pointed to the rise in remote working as the reason for the increase in volume.
Additionally, four out of five (81%) of the 3542 CIOs, CTOs and CISOs surveyed for the research revealed they had suffered a breach in the past 12 months, with 82% of incidents considered material. Despite this, it appears there may be some complacency on the part of many security leaders: only 56% said they fear a material breach in the coming year, while just 41% have updated their security policies and approaches to tackle the extra risks to their organization.
The vast majority (79%) of security leaders noted that attacks have become more sophisticated in the past year, and the leading causes of breaches were reported to be third-party apps (14%) and ransomware (14%). Applications and workloads were seen as the most vulnerable points on the data journey, and 63% of respondents said there is a need for greater visibility over data and apps to pre-emptively detect attacks.
Encouragingly, close to two-thirds (61%) of security leaders agreed they need to adapt their security in light of the expanded attack surface. Securing the cloud looks to be a particular priority, with almost all (98%) respondents either already use, or are planning to shift to, a cloud-first security strategy.
Commenting on the findings, Rick McElroy, principal cybersecurity strategist, VMware said: “The race to adopt cloud technology since the start of the pandemic has created a once-in-a-generation chance for business leaders to rethink their approach to cybersecurity.
“Legacy security systems are no longer sufficient. Organizations need protection that extends beyond endpoints to workloads to better secure data and applications. As attacker sophistication and security threats become more prevalent, we must empower defenders to detect and stop attacks, as well as implement security stacks built for a cloud-first world.”