Preventing malware attacks and boosting user awareness are key cybersecurity priorities
PwC CFO Survey Series
- 66% of Belgian CFOs are confronted with an increase in cybersecurity threats
- Respondents cite malware (79%) and information theft (31%) as the key risks
- Main priorities for the coming months are increasing cybersecurity awareness (76%) and improving business continuity planning (45%)
Brussels, 22 July 2020 - Just recently, Google reported that every day it blocks more than 18 million malware and phishing emails related to COVID-19. That the risk environment of organisations has changed was confirmed by most CFOs in PwC Belgium's latest CFO Survey on cybersecurity. In an economically difficult period, IT security budgets are one area likely to be spared the cost-cutting actions businesses are taking.
A shifting threat landscape
The risk environment has changed, as confirmed by the CFOs polled: 66% find themselves confronted with an increase in security threats or attacks since the beginning of the COVID-19 outbreak. When asked about the main cyber threats their companies are facing, respondents mentioned ransomware attacks (48%), information theft (34%), denial of service (31%) and other malware attacks (31%).
The survey results suggest more work is needed to make remote work fully secure. As companies have adopted more technology tools allowing virtual collaboration, security concerns have increased, specifically related to anti-malware and intrusion prevention, the security of their VPN and virtual desktop infrastructure and the monitoring of devices used for file sharing, video conferencing or collaborative work.
Ingvar Van Droogenbroeck, Partner at PwC Belgium, states: “Cybercrime has been an increasing threat for years. Remote working setups have led to a significant increase in the number of people connected and working online. It’s no surprise this has created opportunities for cybercriminals to exploit the COVID-19 crisis and create disruption, playing on people’s fear while taking advantage of the fact that online safety and security measures at home aren’t always bulletproof. In that sense, organisations are confronted with ‘the same old threats, but in new places’. With employees now working outside of their regular working environment, social engineering and phishing attempts have become even more interesting for threat agents. Hence it’s noteworthy that compliance with control procedures is not top of mind amongst the surveyed organisations. While they have swiftly shifted their workforces to a remote working environment, the concerns related to the security of their remote working operations demonstrate that it’s very important to focus on users, their security awareness and their behaviour.”
Looking to the horizon
In the coming months, over three quarters of CFOs (76%) will prioritise increasing cybersecurity awareness, and will maintain that focus on the human factor into the longer term. Unsurprisingly given the current crisis, improving business continuity is also a short-term priority (45%), along with improving endpoint security (34%), moving on-premise IT infrastructure to cloud solutions (31%) and improving patching and vulnerability management (28%). The CFOs’ long-term priorities appear to be similar.
“In dealing with the immediate threats inherently linked to the COVID-19 outbreak, it’s important we stay mindful of potential blind spots. In the longer term, organisations need to ramp up their cybersecurity awareness initiatives since remote working will remain common even after the pandemic has abated. As the world manages its response to COVID-19, organisations need to keep business continuity high on the agenda. A second wave and potential lockdown could still be very disruptive. Quarantine actions following travel and contact tracing may also play a role in keeping people working from home,” explains Roy Coppieters, Director at PwC Belgium. “In addition to the focus on user awareness, attention should also be on standard best practices such as maintaining up-to-date hardware and software inventories, and a disciplined approach to security patching to reduce vulnerability. Over the longer term, greater maturity and sophistication in security information and event management - SIEM - is still the goal.”
Crises precipitate new approaches
The survey results suggest the COVID-19 pandemic has increased the importance of security defense strategies, with 28% indicating a significant increase. When asked about how IT security budgets will evolve over the coming period, 14% of CFOs stated a significant increase was planned, and almost two thirds (62%) expected a slight rise. Roughly one in four (24%) expected no change - although amid generalised cost cutting, even a stable budget is an increase in relative terms.
“Now is a good time to rethink the way of working and incorporate some of the best practices of the past period. One big challenge that companies face now is how they can balance their need to increase their cyber resilience in the toughest economic and financial circumstances we’ve seen in years. Depending on the organisation’s cybersecurity maturity level and the specific risks they’re facing, IT and security spending will differ. Don’t be the gazelle at the back of the herd who gets eaten, or the front runner who’s overspending, particularly on the wrong things. Many companies are spending too much on technology and not enough on the governance and processes to make them effective”, concludes Ingvar Van Droogenbroeck.
About the PwC CFO Survey Series
PwC Belgium is closely tracking sentiment and priorities for finance leaders, as businesses respond to unprecedented disruptions brought on by COVID-19. This second edition of the PwC Belgium CFO Survey series focused on cybersecurity. It reflects the views of 29 finance leaders of large companies in Belgium in a cross-section of industries in July 2020. They weigh in on the effects of the crisis on their organisations, their coping strategies and their plans and predictions for a post-COVID-19 world.