2020 CROWDSTRIKE GLOBAL SECURITY ATTITUDE SURVEY - CROWDSTRIKE VANSON BOURNE RESEARCH RESULTS - NOVEMBER 2020
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
2020 CrowdStrike Global Security Attitude Survey
Insights into security transformation and prevalent attack vectors
in a work from anywhere world
CrowdStrike
Vanson Bourne Research Results – November 2020Headline to go here
over a few
2,200 senior ITDMs and IT security professionals lines.
were interviewed
August and September 2020, split in the following ways…
in
…by country …by sector …by respondent type
Fina ncia l service s a nd in suran ce 306
US 400
Man ufacturin g and p rodu cti on 282
UK 200 Aero space , au to motive an d
en gin eeri ng 273
France 200
IT servi ces and tech nol ogy 177
Germany 200
He althca re 153
Spain 100
Ene rgy, u ti litie s, oi l and g as 152
Italy 100 1100 1100
Bio te chno log y a nd ph armace utical s 147
Netherlands 100 Re ta il 137
Middle East 100 Pub lic sector 130
India 300 Ho spital ity, en te rta inme nt, food , be verag es and
med ia 126
Japan 200 Transp ort 122
Singapore 100 Tele coms 109
Australia 200 Busi ness an d professi ona l service s 86 Senior IT decision makers IT security professionals
Showing respondent country [2,200] Within which sector is your organization? [2,200] Showing respondent type [2,200]
02
2 [Country, D2, D4]Headline to go here
over
While ransomware and nation-state attacks a
are few lines.
looming over organizations, their security posture
over the coming months and years could have taken a positive turn as a result of the COVID-19
pandemic
56% $1.1 58% 79% 73%
The percentage of The average The percentage of The percentage of The percentage of
respondents’ amount, in millions respondents who are respondents who respondents who
organizations that of USD, that more concerned believe that their agree that COVID-19
have suffered a organizations have about China than organization’s has proven to be a
ransomware attack had to pay when they are about outlook, over the next catalyst for long-
in last 12 months paying the ransom Russia delivering a 12 months, on its awaited approvals on
demands of their devastating nation- overarching security upgrades
attackers state attack on their security strategy
organization and architecture, is
more positive now
as a result of the
COVID-19 pandemic
03
3 [Q2, Q3a, Q9, Q16, Q22_6]Headline to go here
Four areas of interest: over a few lines.
1. The Proliferation of Ransomware
2. Nation-States Present a Huge Threat Regionally
3. The Need for both Digital Transformation and Security Transformation
4. The Changing Cybersecurity Landscape. Have Organizations Gotten Better
at Response?
04
4Headline to go here
over a few lines.
1. The Proliferation of Ransomware
5Headline to go here
Concern levels around ransomware over a
have seen few
the lines.
largest proportional
increase of any cyberattack since 2019
57%
54% 53%
53% 52%
49% 50%
46% 47%
42% 43% 42%
42%
37% 37%
35% 35% 34%
32% 33% 32% 33%
29% 29% 28% 29% 30% 30%
27%
24%
0% 0% 0%
Ransomware General Phishing/spear Password Advanced IOT attacks Mobile attacks ICS/SCADA Supply chain Denial of Fileless attacks
malware phishing attacks targeted attacks attacks service on endpoints
attacks
2020 total [2,200] 2019 total [1,900] 2018 total [1,300]
Thinking about your organization’s IT security over the next 12 months, which of the following types of cyberattack are causing concern in your
organization? [Base in chart] omitting some answers, split by historical data
06
6 [Q1]Headline to go here
over
The pandemic has had an obvious impact
ransomware attacks
ona few lines.
respondents’ fears around
Total 71% 23% 5%
India 83% 12% 5%
Australia 79% 17% 4%
US 78% 19% 4%
Spain 72% 24% 4%
Middle East 70% 21% 8%
France 70% 26% 5%
Singapore 69% 23% 8%
Japan 68% 23% 9%
Germany 66% 27% 7%
UK 62% 36% 2%
Netherlands 59% 34% 5%
Italy 50% 45% 3%
I am more worried about ransomware attacks now My view has not changed as a result of COVID-19
I am less worried about ransomware attacks now
How has COVID-19 influenced your view as a cybersecurity expert toward ransomware attacks? [2,200] omitting “Don’t know” answers (Headline to go here
over
Approaching six in ten (56%) respondents a
work few lines.
for an organization
suffered a ransomware attack during the last 12 months
that has
Total 24% 33% 28% 15%
India 36% 38% 13% 12%
France 28% 32% 28% 13%
Japan 28% 24% 30% 19%
Italy 27% 29% 27% 16%
Australia 24% 43% 23% 11%
Singapore 23% 23% 32% 21%
US 22% 36% 29% 13%
Germany 21% 38% 28% 12%
Netherlands 21% 23% 38% 17%
Spain 17% 23% 45% 14%
Middle East 14% 37% 34% 15%
UK 12% 27% 38% 24%
Yes – more than once Yes – but only once No – but we expect we will No – and we do not expect to
Has your organization suffered from a ransomware attack in the past 12 months (whether you actually paid the ransom or not)? [2,200]
omitting “Don’t know” answers (1%), split by country
08
8 [Q2]Headline to go here
over
While only 27% of respondents’ organizationsa few
paid the lines.
ransom when they
suffered a ransomware attack, it cost them an average of $1.1 million (USD)
Upgraded our security
software/infrastructure to reduce risk Total $1.10
76%
of future attacks
Upgraded our security staff to reduce $1.18
65% APAC
risk of future attacks
Attempted to negotiate with the $1.06
32% EMEA
attackers
Paid the ransom US $0.99
27%
Which of the following actions did your organization take as a result of the Showing the average amount, in millions of USD, that
ransomware attack(s)? [1,241] respondents from organizations that have organizations had to pay as a result of the ransomware attack
suffered a ransomware attack in the last 12 months, omitting some answers that they suffered in the last 12 months [331] respondents from
organizations that paid the ransom to their ransomware attackers,
split by region
09
9 [Q3, Q3a]Headline to go here
over a few lines.
2. Nation-States Present a Huge Threat Regionally
10Headline to go here
over a
While it is generally believed that nation-state few
attacks lines.
go under the radar, there
is a high level of concern on display among respondents about this attack type
87%
Agree that nation-state
73%
Believe that nation-state sponsored
sponsored cyberattacks cyberattacks will pose the single
are far more common than biggest threat to organizations like
most people think – this theirs in 2021 – respondents from
opinion is most common India are most likely (90%) to display
(94%) among respondents this attitude, while those from the
from Japan biotechnology and pharmaceuticals
sector are the most likely (82%) of
any industry to report this belief
Showing the proportion of respondents who agree with the following statements: “Nation-state sponsored cyberattacks are far more common than
most people think” and “Nation-state sponsored cyberattacks will pose the single biggest threat to organizations like mine in 2021” [2,200]
011
11 [Q11_1, Q11_3]Headline to go here
over a few lines.
88% 88% 89%
79%
74% 73% 74% 74%
70%
63%
59%
Concern around nation-state 54%
attacks has risen steadily since
2018, likely resulting from high
profile attacks that have targeted
government elections in recent
years
Cyber criminals Hacktivists Insider threats Nation-states
and eCrime
groups (financially
motivated)
2020 total [2,200] 2019 total [1,900] 2018 total [1,300]
Thinking of all of the different types of cyberattackers who may target your
organization, which concerns your organization the most? Combination of
responses ranked first, second and third [Base in chart] omitting some
answers, split by historical data
012
12 [Q5combi]Headline to go here
China are more likely to be a concernover a few
than Russia whenlines.
it comes to delivering a
devastating nation-state attack, but the concern is much more balanced in the
EMEA region
Total 58% 37% 5%
APAC 71% 25% 5%
US 55% 42% 3%
EMEA 49% 45% 7%
India 79% 19% 2%
Japan 69% 23% 9%
Australia 65% 31% 5%
Italy 61% 30% 9%
Singapore 59% 34% 7%
France 53% 39% 9%
Middle East 51% 39% 10%
Spain 47% 45% 8%
UK 46% 51% 4%
Netherlands 45% 50% 5%
Germany 44% 53% 4%
China Russia Don't know
Hypothetically, which of the following countries are you more concerned about delivering a devastating nation-state attack on your organization?
[2,200], split by region and country
013
13 [Q9]Headline to go here
Growing international tensions (e.g. US-China
over a few lines. My organization cannot rule out being the
trade war) are likely to result in a considerable Nation-states are now more motivated than
ever to pursue attacks against organizations target of a nation-state sponsored cyberattack
increase in cyber threats for organizations by any government, including our own
Total 89% Total 83% Total 81%
India 95% India 89% Singapore 92%
UK 92% US 88% Australia 84%
Middle East 91% Singapore 86% India 83%
Singapore 91% Middle East 84% US 83%
US 91% Australia 84% UK 82%
Australia 88% UK 84% France 82%
Japan 87% Italy 83% Japan 82%
France 86% Germany 82% Germany 78%
Spain 85% Japan 81% Netherlands 76%
Germany 85% France 76% Spain 75%
Italy 79% Netherlands 74% Italy 75%
Netherlands 79% Spain 71% Middle East 74%
Showing the proportion of respondents who agree with the above statements [2,200] split by country
014
14 [Q11_6, Q11_7, Q11_5]Headline to go here
On average, respondents reported fourover a
separatefew lines.
reasons as to why an organization
like theirs might be targeted by a nation-state sponsored cyberattack
51% 50%
47%
44%
39% 37%
31%
27%
25%
Access to valuable Financial/intellectual To take advantage Intelligence (for Tarnish the To provoke instability For the attackers Political capital Revenge/retribution
customer data property (IP) gain of vulnerabilities instance if an organization’s image within the own (perceived)
caused by organization makes organization’s national security
COVID-19 a product for a country
government)
What, do you feel, would motivate a nation-state to attempt a cyberattack against an organization like yours? [2,200] omitting some answers
015
15 [Q6]Headline to go here
over a few lines.
3. The Need for both Digital Transformation and Security
Transformation
16Headline to go here
Total $4.86
over a few lines.
Netherlands $6.84
Australia $5.99
61% of respondents’ organizations
US $5.78
have spent at least $1 million
UK $5.72 (USD) on digital transformation
Singapore $5.15 over last three years, with the
Germany $4.90
average spend approaching $5
Spain
million (USD)
$4.76
Italy $4.10
France $3.86
India $3.78
Japan $3.66
Middle East $2.85
Showing the average amount, in millions of USD, that
organizations have spent on digital transformation over the past
three years [2,200] split by country
017
17 [Q12]Headline to go here
over a
The vast majority of respondents’ organizations few lines.
have accelerated
digital transformation plans as a direct result of COVID-19
their
Total 84% 11% 3%
Middle East 95% 1% 3%
Australia 92% 7% 2%
Singapore 90% 6% 3%
US 90% 7% 3%
India 89% 6% 5%
Germany 85% 12% 3%
Spain 84% 15% 1%
France 80% 15% 4%
Japan 77% 12% 6%
Italy 74% 20% 5%
Netherlands 74% 24% 1%
UK 74% 20% 5%
We have accelerated our digital transformation as a result of COVID-19
Our digital transformation speed has remained roughly the same
We have slowed down digital transformation as a result of COVID-19
To what extent has COVID-19 influenced the speed of your organization’s digital transformation? [2,200] omitting “Don’t know” answers (1%),
split by country
018
18 [Q14]Headline to go here
over
Modernizing security tools and increasing a few
cloud
organizations in their response to the pandemic
rolloutlines.
have been crucial to
45% 44%
35% 34% 33%
28% 27% 27%
24% 23%
5%
Modernizing our Increased rollout of Hiring and A temporary shift to We’ve had to A full-time shift to Deployment of new We’ve had to We’ve had to Departments We haven’t made
security tools cloud technology as recruitment has remote working but change and remote working technology has change and evolve lay-off/make having to ask for any changes to
more employees been frozen a return to the evolve our security slowed down or our products/ redundant some increased budgets meet the challenge
work remotely office in the toolkit paused entirely services staff of COVID-19
next 3-6 months
What changes has your organization undergone in order to meet the challenge of the COVID-19 pandemic? [2,200] omitting some answers
019
19 [Q18]Headline to go here
IT Operations tools 38%
over a few lines.
Networking 32%
Legacy security tools (e.g.
32%
Almost 80% of respondents’
firewall, antivirus)
organizations were let down in
Data storage 31% some way by technology when
adapting to the COVID-19
Modern/advanced security tools 27% pandemic
AI 27%
User
identification/authentication 24%
Analytics 22%
There were no areas where our
technology let us down 21%
Were there any areas where your organization’s technology let it
down when adapting to the COVID-19 pandemic? [2,200]
omitting some answers
020
20 [Q21]Headline to go here
over
It appears that the pandemic has kick-starteda few lines.
organizations
when it comes to spending in critical technology areas
into action
86%
80% 80% 79% 79%
77% 78% 78%
76% 75% 75%
73% 75% 73% 72% 73%
70% 71% 71% 68% 68%
65% 67% 66% 67%
63%
Total India US Australia Spain Middle East France Japan Singapore UK Italy Germany Netherlands
Security tools spending acceleration Cloud technology spending acceleration
Showing the percentage of respondents who report that their organization’s spending on security tools and cloud technology has accelerated
as a result of the COVID-19 pandemic [2,200] split by country
021
21 [Q20]Headline to go here
over a few lines.
Total $1.05
US $1.47
Netherlands $1.30
90% of surveyed organizations Singapore $1.07
have spent an additional $100,000
Germany
(USD) or more in order to adapt to $1.05
the challenges posed by COVID-19, Australia $1.01
with the average spend being over India $1.01
$1 million (USD) UK $0.99
Japan $0.87
France $0.77
Middle East $0.76
Italy $0.74
Spain $0.73
Showing the average amount of additional spending, in millions
of USD, that organizations have had to do in order to adapt to the
challenges posed by the COVID-19 pandemic [2,200] split by
country
022
22 [Q19]Headline to go here
over
An economic recession will clearly be a
bad news few lines.
for organizations, particularly
given that the majority of respondents believe that it is now harder for their
organization to prevent an intruder reaching their objective
74%
Total 60% 27% 14%
India 67% 14% 19%
Australia 63% 23% 14%
Spain 63% 26% 11%
US 63% 22% 16%
Japan 62% 27% 11%
Believe that economic
France 61% 30% 9%
recession leads to
increased cybercriminal Singapore 57% 30% 13%
activity leveraged against Germany 56% 32% 13%
their organization – this Middle East 54% 25% 21%
belief is most common UK 53% 41% 7%
(82%) among respondents Italy 51% 36% 13%
from US organizations Netherlands 51% 36% 13%
It has become harder There has been no change It has become easier
Showing the percentage of respondents who agree with the Has the COVID-19 pandemic and its subsequent impacts (lockdowns and remote working)
following statement: “Economic recession leads to increased had an effect on your organization’s abilities to prevent a cyberattacker/intruder from
cybercriminal activity leveraged against my organization” [2,200] reaching their objective? [2,200] split by country
023
23 [Q22_1, Q28]Headline to go here
over a few lines. Total 79%
India 89%
Spain 84%
Despite the raft of challenges that Netherlands 83%
the pandemic has created, the US 81%
majority of respondents believe France 78%
that it will ultimately have a Germany 78%
positive impact on their Middle East 78%
organization’s security strategy Australia 78%
and architecture Singapore 76%
UK 75%
Japan 73%
Italy 58%
Senior ITDMs 84%
IT security employees 73%
Showing the percentage of respondents who believe that the
COVID-19 pandemic has had a positive impact on their
organization’s overarching security strategy and architecture for
the next 12 months [2,200] split by country and respondent type
024
24 [Q16]Headline to go here
over a few lines.
4. The Changing Cybersecurity Landscape. Have
Organizations Gotten Better at Response?
25Headline to go here
over
There has been very little improvement in theaaverage
few lines.
detection time of a
cyber security incident in respondents’ organizations over the past year
90% The percentage of
117
The average number of
respondents who report that hours respondents estimate
it would take their that it would take their
organization more than one organization to detect a
minute to detect a cyber cyber security
security incursion/incident incursion/incident – this
average is approximately
the same as the 2019 data,
when the average was 120
hours
How long do you estimate that it would take your organization to detect a cyber security incursion/incident? [2,200]
026
26 [Q23]Headline to go here
More than half of respondents reportover
COVID-19a few lines.
has slowed down detection
time of a cyber security incident in their organization
Total 8% 19% 25% 27% 16% 5%
US 9% 16% 28% 26% 18% 3%
UK 3% 14% 23% 35% 15% 9%
France 10% 22% 20% 34% 8% 7%
Germany 10% 30% 22% 25% 8% 5%
Spain 7% 10% 32% 29% 18% 4%
Italy 2% 10% 21% 44% 14% 9%
Netherlands 1% 18% 33% 26% 13% 8%
Middle East 9% 21% 23% 19% 25% 1%
India 12% 21% 24% 13% 25% 4%
Japan 12% 12% 27% 36% 8% 3%
Singapore 6% 28% 18% 27% 16% 5%
Australia 11% 23% 25% 23% 17% 3%
Detection time is a week or more slower Detection time is days slower Detection time is hours slower
Detection time has not changed Detection time is faster It’s too soon to say
What impact, if any, would you estimate that COVID-19 has had on the average time that it takes for your organization to detect cybersecurity
incursions/incidents? [2,200] omitting “Don’t know” answers (1%), split by country
027
27 [Q25]Headline to go here
over
Organizations appear to be up against
cybersecurity incidents
a
it when itfew
comeslines.
to faster detection of
37%
32%
30%
29% 28% 27%
25%
22% 22% 22%
18%
Focus is more on Cyberattackers are We have legacy Lack of resources We are having Shadow IT Our network is too Our cyber security Too many We have too many We don't know
prevention and alw ays one step infrastructure that is in the cyber trouble hiring prevents easy fragmented with a solution is not incidents to keep vendors/solutions in enough about
perimeter security ahead of us a challenge to security professionals with detection lack of visibility good enough at on top of use cyberattackers
than detection upgrade/secure department the right set of skills detecting threats (who, where, why?)
What is preventing your organization from detecting cyber security incursions/incidents faster? [2,200] omitting “Other” answers (1%)
028
28 [Q24]Headline to go here
over
More than half of those surveyed expect
cybersecurity risk for their organization
a few
COVID-19 lines.
to increase
Total 55% 24% 20%
US 66% 18% 16%
UK 63% 30% 8%
India 61% 13% 25%
Australia 59% 18% 24%
Singapore 58% 22% 19%
Japan 54% 28% 18%
Spain 53% 30% 17%
Italy 52% 36% 9%
France 51% 26% 24%
Middle East 42% 24% 34%
Germany 40% 32% 28%
Netherlands 32% 46% 22%
Higher risk No change in risk Lower risk
What impact do you expect COVID-19 to have on cybersecurity risk for your organization from cyberattacks? [2,200] omitting “Don’t know”
answers (1%), split by country
029
29 [Q17]Headline to go here
over a few lines.
Total 73%
US 79%
India 79%
Italy 77%
The glimmer of hope for Spain 74%
organizations is that the pandemic Singapore 73%
has lit a fire under them, and this
Australia 73%
will likely result in upgrades to
their security infrastructure Middle East 72%
UK 71%
Netherlands 68%
France 67%
Japan 66%
Germany 64%
Showing the percentage of respondents who agree with the
following statement: “COVID-19 has proven to be a catalyst for
long-awaited approvals on security upgrades” [2,200] split by
country
030
30 [Q22_6]Headline to go here
over a few lines.
Thank you
To find out more, please visit:
vansonbourne.com
031
31You can also read
