IT trade-offs

by Mark Rowe

CIOs and CISOs around the world have held back from implementing critical measures that keep them resilient against disruption and cyber threats, according to a survey by Tanium, an IT endpoint security product company. Over eight out of ten (81pc) respondents said that they have refrained from adopting an important security update or patch, due to concerns about the impact it might have on business operations. In fact, over half (52pc) said they had done so on more than one occasion.

A Global Resilience Gap study of 500 CIOs and CISOs across the United States, UK, Germany, France and Japan, in companies of 1000-plus employees, explores the challenges and trade-offs that IT operations and security face in protecting their business from cyber threats and disruptions. The study also explores the internal challenges that are holding back most technology leaders from achieving full visibility and control of their IT environments.

The study found that a lack of visibility across endpoints – laptops, servers, virtual machines, containers, or cloud infrastructure – is preventing organisations from making confident decisions, operating efficiently, and remaining resilient against disruptions. Almost a third (33pc) of respondents said that departments and business leaders work in silos, leaving them with a lack of visibility and control over IT operations. And this has directly affected the business, with the majority (80pc) of CIOs and CISOs having found out that a critical update or patch they thought had been deployed had not actually updated all devices, leaving the business exposed as a result.

As well as visibility issues, the study found IT security and operational trade-offs that CIOs and CISOs make due to wider business pressures. Over nine in ten (94pc) respondents said that they have to make compromises in how well they are able to protect their organisations from disruptions to technology, including cyber threats and outages. When asked about the key reasons for making these compromises, a third of those surveyed (33pc) cited pressure to keep the lights on, with almost a third (31pc) suggesting that a focus on implementing new systems takes precedence over protecting existing business assets. In addition, over a quarter (26pc) said that being hamstrung by legacy IT commitments restricted their security efforts, and 23pc stressed that internal politics was the key driver.

A lack of understanding of the need for business and technology resilience among other leaders across an organisation was identified as a key factor in pressuring CIOs and CISOs to make compromises in their efforts to maintain resilience against disruption. Almost half (47pc) of the CIOs and CISOs surveyed said that they face challenges because other business units do not grasp how important technology resilience is to the company. Meanwhile, 40pc claimed that issues arise as other business units prioritise their customer work over security protocols.

These divergent priorities are leading many of the survey respondents to worry about the potential impact. Over a third of respondents (35pc) are concerned that making security compromises will lead to the loss of customer data, while a third (33pc) worry about a loss of customer trust. A quarter (25pc) of respondents said that the company being unable to comply with regulations was also a concern.

Ryan Kazanciyan, Chief Technology Officer at Tanium, adds: “A resilient organisation can depend on its people, processes and technology to quickly adapt to cyberattacks, outages and other forms of disruption. However, our research shows that IT leaders are having to hold off on making crucial updates due to concerns about the impact it might have on business operations. Given that global cyber-attacks such as WannaCry were catalysed by poor security hygiene, organisations need to ensure that they can confidently effect change to protect critical assets, monitor impact, and recover from the unexpected.

As organisations look to build a strong security culture, it is essential that IT operations and security teams unite around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt and rapidly respond in real-time to any technical disruption or cyber threat.”

Visit www.tanium.com.
