Top Five Findings from the 2021 Global Security Insights Report
The most recent 2021 Global Security Insights Report from VMware has revealed some rather interesting, albeit worrying, statistics currently facing the world of cybersecurity. While many are excited to find out about the adoption of new technologies, some technologies are actually being held back by security concerns, mismanagement and smart adversaries.
In this week's Emerge5, we are unpacking five of the key findings from the 2021 Global Security Insights Report from VMware. We are also joined by VMware's Principal Cybersecurity Strategist Rick McElroy, who will unpack some of the complex findings within this report.
Resurgence of ransomware and remote work creates unpredictable attack surface
76% of respondents said that attack volumes had increased, with the majority pointing to employees working from home as the cause. Additionally, 79% said attacks had become more sophisticated. Cloud-based attacks were the most frequently experienced attack type in the past year, whereas the leading breach causes were third-party apps (14%) and ransomware (14%). The three top vectors that cause breaches of third-party apps, ransomware, and out-of-date security tech and process weaknesses build a strong picture of external threats and internal weaknesses.
Cloud-first security strategies are now universal
98% of respondents already use or plan to use a cloud-first security strategy, but the move to cloud has expanded the threat surface. Nearly two thirds of correspondents (61%) agree they need to view security differently now that the attack surface has expanded. 43% of respondents said they plan to build more security into their infrastructure and apps and reduce the number of point solutions. 46% of cloud adoption correspondents say they have been using a cloud-first approach for more than one year, while 30% say they have been cloud-first for less than 12 months.
A lack of urgency despite a surge in material breaches
81% of respondents have suffered a breach in the last twelve months with 4 out of 5 breaches (82%) considering material requiring reporting to regulators or, potentially, including the involvement of an incident response team. Only 56% say they fear a material breach in the next year, and just over one-third (41%) have updated their security policy and approach to mitigate the risk. The number of breaches has risen, with respondents who had a cyber-attack reporting 2.35 breaches on average per year.
Applications and workloads are the top CISO concerns
Applications and workloads are viewed as the most vulnerable points on the data journey. 63% of respondents agree they need better visibility over data and apps in order to pre-empt attacks. 60% of respondents also shared that their senior leadership team feel increasingly worried about bringing new applications to market because of the growing threat and damage of cyberattacks. However, the positive is that nearly two-thirds agree they need to view security differently than they have previously as the attack surface has expanded.
Security concerns are holding back the adoption of AI
The next frontier for business innovation may be artificial intelligence, but more than half of respondents worldwide (56 percent) agree security concerns are holding them back from embracing AI/ML based apps to improve such services. Where 63% of respondents agree that their ability to innovate depends on their building and getting apps into the hands of employees and customers more securely. Meaning most of the respondents just feel they're unable to respond to the digital opportunity.