There is an increase in security breaches and businesses still face challenges surrounding cyberattacks due to lack of IT security and operations basics.
With digital transformation on the rise and technology massively outpacing policy, companies must take the lead when it comes to securing their estates. While cybersecurity has received much fanfare – with global spend predicted to exceed $1 trillion through 2021 – the biggest gaps continue to endure in plain sight.
Vanson Bourne polled 600 IT decision-makers (300 from IT operations and 300 IT security). The research discovered that:
- Over three quarters (77 percent) believe that they are not extremely well prepared to react to a serious data breach
- Over half (60 percent) have experienced a serious security breach in the last two years – 31 percent more than once
- Eight in ten claim digital transformation increases cyber risk
- Fewer than a quarter (23 percent) believe that the IT operations and IT security teams work together extremely well to secure the business; nearly all (97 percent) believe that their organization would benefit from better collaboration between these teams
- On average, respondents have visibility of 64 percent of their organization’s total software estate; only 66 percent of this software is current
- The majority of respondents demand an investment increase in areas such as software migration automation (80 percent), breach response and remediation (67 percent), and/or software patching (65 percent)
Sumir Karayi, CEO at 1E says, “Businesses are losing control of their estates because of fundamental issues such as the widening gap between IT operations and IT security and deferred responsibility.”
There is also a lack of understanding of where the security focus should be. While budget can easily be allocated to the sector, Karayi observes that “CIOs have the challenge of explaining the pivotal need for areas like patching, which can feel mundane.
“But without this hygiene, companies must constantly defend against new vulnerabilities or risk a major breach, such as the one Equifax experienced. This creates a phenomenon called the software arms race, an unabated competition between exploiters and the entire software industry. Set on a continuous loop, one creates an issue, the other builds defenses.”
Experts at major companies are weighing in on these issues. Kurt De Ruwe, CIO of Signify says, “IT operations and IT security teams must realize they have different objectives, and therefore different accountability. It’s good for teams to challenge each other and compromise in a pragmatic way.”
Looking wider, De Ruwe believes that, “If your infrastructure environment is not properly managed, then you can have the greatest security tools and still have a big risk. That’s why our policy is to patch, patch, patch the moment something becomes available.”