BMC, the global leader in software solutions for IT, in association with Forbes Insights today released results from a security survey of more than 300 C-level executives across Europe and North America, revealing that known vulnerabilities are the leading cause of exposure to data breaches and cyber threats. The report also confirms a significant gap between the security and IT operations (SecOps) teams, which is contributing to unnecessary data loss, production downtime, and potential reputation damage.
The survey revealed that 44 percent of security breaches occur even when vulnerabilities and their remediations have previously been identified. Put simply, it takes far too long to fix a vulnerability once a patch becomes available. When asked why, 33 percent of executives surveyed stated it was challenging to prioritise which systems to fix first, since the security and operations teams may have different priorities.
While the joint efforts of security and IT operations ultimately determine an enterprise’s security strength, the individual goals of these two groups are often out of sync. The biggest areas of risk for an enterprise are outdated and poorly synchronised internal procedures that thwart efforts to quickly defend against known threats.
When asked about the challenges faced by IT and security, 60 percent of executives surveyed said the IT operations and security teams have only a general or a little understanding of each other’s requirements. Yet, 50 percent don’t have a plan in place for improving the coordination between these two groups.
“Today, it often takes companies months to remediate known vulnerabilities – exposing them to potential breaches for six months or more as they work to resolve known threats,” said Jason Andrew, GM and VP of Sales, BMC EMEA. “To discover, prioritise and fix vulnerabilities quickly calls for improved coordination between the security and IT operations teams. Narrowing the SecOps gap is critical to protecting an organisation’s brand and also ensures customer confidence in the ability for the business to protect its information.”
As companies prepare for 2016, CIOs need a plan to address the SecOps gap. European businesses are lagging behind their North American counterparts in this regard, with only 37 percent of those surveyed (compared to 60 percent in North America) planning to purchase or implement SecOps solutions in the next twelve months.
C-level executives across EMEA should therefore consider a number of actions outlined in the report, including:
- Create cross-functional working groups to share security, compliance and operational concerns while implementing regular meetings to build loyalty and trust.
- Develop collaborative workflow processes that smooth interactions of security, IT operations and compliance personnel.
- Replace error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralised information management tools.
“It is time to rethink the traditional, departmentalised, siloed approach to security given the increasingly sophisticated threats,” said Roy Illsey, principal analyst, infrastructure solutions at Ovum. “Both security and IT operations groups must be held accountable for identifying and fixing issues quickly and integrate security and IT operations activities to further protect their organisations.”