Security professionals ranked business downtime as their most pressing concern over the past year — ahead of breaches or insider threats — as enterprises around the world rushed to accommodate the unprecedented demand for virtual work.
The pressure for security teams to ensure the safety of new and expanded remote platforms and internet-connected productivity tools was evident in the responses to the 2021 Signals in Security Report (click here to read the full report), which measured the sentiment from more than 600 professionals who helped guide their organizations through the chaotic period.
The report that gauged how security teams performed in the months before the pandemic through the beginning of 2021 also revealed that organizations are relying more heavily on crowdsourced security testing to confront cybersecurity challenges.
Crowdsourced security solutions gave organizations the ability to scale security operations with on-demand testing at a continuous cadence. Seventy-three percent of companies used crowdsourced security testing in 2021, up from 61 percent in 2020.
Furthermore, the survey revealed that security teams reacted to the increased attack surface by expanding testing — 87 percent of businesses now say they test every digital asset, up from 82 percent in early 2020, according to the survey conducted on behalf of Synack, a crowdsourced platform for on-demand security expertise.
“The pandemic turned security on its head. Suddenly, we were all confronting exponentially expanded attack surfaces. That meant security teams needed to be creative, nimble and seek out innovative and responsive solutions such as on-demand, crowdsourced security to give them access to the most trusted security researchers to test their assets from an adversarial perspective,” said Jay Kaplan, CEO and Co-founder of Synack.
“That’s the kind of proactive security that produced quality results and helped organizations stay ahead of the threat throughout the pandemic,” said Kaplan.
Among the key Signals in Security findings:
- Respondents named ease of testing, higher-quality findings, and exceptional scalability as the primary benefits of crowdsourced solutions.
- 57 percent surveyed wanted more investment in offensive security.
- The lack of skilled cybersecurity staff continues to hurt companies’ ability to test applications. A third of respondents indicated the primary reason their company did not test more applications was that they lacked the security staff, the same proportion as the previous year.
- Most security teams appear to have come out ahead following a year that required creativity and new thinking to meet the challenges posed by the pandemic. Almost 70 percent of security professionals said their organizations were safer than the year before.
- Crowdsourced security played a critical role in helping organizations defend against a 69 percent increase in cybercrime reports during 2020. According to the FBI’s 2020 Internet Crime Report, cyberattacks skyrocketed due to the sudden shifts in remote work, giving malicious hackers new opportunities to strike when organizations were the most vulnerable.
Signals in Security revealed opportunities to strengthen security, starting with communications between executives and security teams. Only 18 percent of analysts said business executives considered security important. More than three-quarters of executives, however, said they maintained a high commitment to security.
The initial portion of the survey was conducted from January to February 2020 and the second version was carried out from December 2020 to January 2021. Half of the participants had the role of manager or director, while 32 percent had executives or vice president roles. More than three-quarters of participants (76 percent) work at companies with between 500 and 1,000 employees. Half of the respondents (51 percent) work at companies with security teams of 25 or more analysts.