Q&A: Forrester poll – security decision makers report breaches escalated as Covid 19 spread

By Byron V. Acohido

Human suffering and economic losses weren’t the only two things that escalated with the spread of Covid 19 last year.


Network breaches also increased steadily and dramatically month-to-month in 2020. This development is delineated in a recent report from technology research firm Forrester.

In its summary report, The State of Network Security, 2020 To 2021, Forrester combined findings derived from several surveys the firm conducted during the course of last year; Forrester polled security decision makers in organizations across North America and Europe.

The overarching takeaway: more organizations were breached, more often, in 2020 than in 2019; some 58% of security decision-makers in North America and Europe reported dealing with at least one breach in 2020 as compared to 48% in 2019.

Notably, the number of organizations that said they were breached more than three times in the 12-month period was up significantly, as well.

Both external and internal cyber assaults were pervasive. Attacks were routinely routed through employees, contractors and vendors; in short, folks granted access for legitimate reasons in order to participate in cloud-based commerce.

Some 40% of respondents who experienced a breach due to an internal incident said it was due to intentional abuse of access rights from current or former employees; 38% said it was from accidental or inadvertent misuse by employees; and 22% said it was a combination of both.

We need look no further than the milestone SolarWinds hack, disclosed near the close of 2020, to see how this is playing out. That attack pivoted off of distributing a malware-laden software update, signed with a valid digital certificate. More than 30,000 companies and government agencies were targeted, and at least 18,000 of them got a deep network infection.

I had the chance to discuss the wider implications of the shifting cybersecurity defense vs attack landscape with Forrester analyst David Holmes, lead author of the report. See excerpts of our exchange, edited for clarity and length, below:

LW: Breaches are up, both from external and internal sources. Can you characterize what this tells us about the core operational challenge companies face making the shift to edgeless networking?


Holmes: The number of organizations reporting at least one breach over the previous 12 months went up significantly from the previous year; basically from five out of ten to six out of ten, and that’s worrying because we were seeing a downward trend the three years previous.  The data from our report doesn’t tell us why the organizations reported more breaches but the top reported attack vector was through their applications and application security has been historically — and remains today — an area of weakness for many firms.

LW: What’s the most useful thing security decision-makers should understand about the going-forward implications of a permanent shift to much wider use of remote workforces?

Holmes: Zero Trust is the way forward. Prior to the pandemic, for the remote workforce there was already a shift happening, away from VPNs and toward Zero Trust access solutions that provide a reduced threat surface.  In the early days of the go-work-from-home mass exodus, less than a third of the organizations that I talked to either deployed or had plans to deploy these, but now it’s a clear majority.

In fact, the main strategic technology shift happening now is to move existing security stacks out into edge networks.  We just documented this in another paper, something the market also now refers to as Secure Access Service Edge, or SASE.  Organizations are either underway with these evaluations now or calling us for advice.

LW: Securing edgeless networks is not easy. What role can MSSPs play as SASE implementations take hold?

Holmes: When we interviewed five dozen vendors and clients about this, most said they expected to see the vendor managing these services. A minority who were already using MSSPs expected to keep using them with the new model.

However, the larger MSSPs that we’ve talked to have been taking a wait and see approach, and that may be to their detriment; their customers may leave them behind.

Case in point, just this week I talked with a very large organization that was leaving their MSSP and simultaneously deploying tens of thousands of zero trust access endpoints, consumed as SaaS, for their remote users.

But I did recently talk with one EMEA-based, smaller MSSP that is going all-in on the model. Because the ZTE/SASE model has multiple security controls, this MSSP is working out how to support and fulfill them in a way that works for their customers. These are early days for this model but interest, if our client calls are an indication, is rising quickly.

LW: Zero Trust and segmentation seem to be two sides of the same coin. How would you frame the impact they’re having?   

Holmes: Zero Trust is the strategy; micro-segmentation and zero-trust access are tactics.  Prior to the pandemic, interest was building for Microsegmentation projects but actual deployments and planning were rare; only 5% of organizations we talked to had Microsegmentation projects planned.  That has doubled now to over 10%.  But Zero Trust access is having an enormous impact and there’s a lot of acquisition activity right now among larger established vendors.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


