VMware has released a cybersecurity threat report, “Extended Enterprise Under Threat,” based on a survey of 250 U.S. chief information officers (CIOs), chief technology officers (CTOs) and chief information security officers (CISOs), the company reported on Tuesday.
“The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model,” said Rick McElroy, Cybersecurity strategist at VMware Carbon Black.
VMware’s research has reported an increase in both cyberattack volume and breaches during the past 12 months in the U.S., which has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools.
97 percent of respondents said that their business has suffered a security breach in the last 12 months. The average organization said they experienced 2.7 breaches during that time. Additionally, 84 percent stated that attacks have become more sophisticated, and as a result, 95 percent have plans to increase cyber defense spending in 2021.
Cybersecurity professionals said they have used an average of more than nine different tools or consoles to manage their cyber defense program, indicating a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats.
Concerning the COVID-19 pandemic, 83 percent of respondents reported gaps in recovery planning, ranging from slight to severe and 83 percent said they had uncovered gaps in IT operations. 84 percent said they encountered problems around enabling a remote workforce, while 83 percent said they’ve experienced challenges communicating with employees.
“These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation,” McElroy explained. Risks directly related to COVID-19 have also quickly emerged, the survey found. This includes rises in COVID-19 malware which was seen by 89% of U.S. respondents.
“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist,” McElroy concluded.
Katherine Arrington, chief information security officer (CISO) for the Office of the Under Secretary of Defense for Acquisition (OUSDA) for the Department of Defense (DoD) and 2020 Wash100 Award recipient, served as a keynote speaker during Potomac Officers Club’s (POC) CMMC Virtual Forum 2020, where she gave her perspective on cybersecurity threats and how COVID-19 has shifted the views on cyber threats on Cybersecurity Maturity Model Certification (CMMC).
If you missed the virtual event, you can still register to watch the footage in Potomac Officers Club’s Event Archive.
As she discussed the RFIs, she noted that a level 3 certification would require an in person audit. Arrington elaborated on the ways COVID-19 has presented new issues with the auditing process due to social distancing and the new regulations that have become the “new normal.” However, once the auditors graduate in approximately a month, DoD will release RFIs.
“We can’t take proprietary information off of a contractor’s site, so we would have to be able to look at your SEP at your physical location, Arrington explained. “We in the government are going to be right there with the industry. We are going to stick with you all to get this right.”
In case you missed the event, click here to replay POC’s CMMC Virtual Forum.
About VMware
VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact.
