Most IT Leaders Lack Trust in Their Company’s Cybersecurity Posture

TEMPE, Ariz. — More than 3 in 4 senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to a new IDG Research Services survey commissioned by Insight Enterprises (NASDAQ: NSIT), a global integrator of technology solutions.

That high level of concern over the ability to withstand cyberthreats in today’s complex IT environment is causing 91% of organizations to increase their cybersecurity budgets in 2021, nearly matching the 96% that boosted IT security spending in 2020, according to the survey by Insight’s Cloud + Data Center Transformation team.

The survey, “Cybersecurity at a Crossroads: The Insight 2021 Report,” examined the impact of the distributed IT landscape and pandemic-related transition to a remote workforce on IT security, including shifts in modernization priorities, projects undertaken in 2020, and major obstacles faced in strengthening cybersecurity defenses. Respondents included more than 200 C-level IT and IT security executives in organizations with an average of 21,300 employees across a wide range of industries.

At a top level, the survey found that 78% lack confidence in their company’s IT security posture and believe improvements are needed. Respondents expressed the least confidence in their organization’s security roadmap (32%), security-related technology and tools (30%), and internal teams and skill sets (27%). They reported the highest level of trust in their company’s data management strategy, but even then, less than half (45%) voiced confidence in this aspect of security operations.

Among other key findings:

  • Cybersecurity is being integrated into multiple aspects of the business, indicating rising recognition of the risk that a cyberattack poses to company operations. Fully 100% of survey respondents report that their boards and executive teams are more focused on their organization’s security posture than in the past. In addition, 68% initiated projects to integrate incident response into companywide business continuity plans, 61% are integrating cybersecurity into infrastructure and DevOps decisions, and 59% are incorporating IT security into broader business operations decisions to better combat cyberthreats.
  • Companies shifted cybersecurity modernization priorities in 2020 in response to the immediate challenges presented by the COVID-19 pandemic, accelerating an average of five to six initiatives to protect the increasingly distributed IT environment and securely connect a remote workforce with the data needed to keep businesses running. Most companies pursued multiple projects in categories including threat visibility/identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%) and identity and access management (55%).
  • Most complex, long-range security projects took a back seat to block-and-tackle activities such as anti-malware/anti-virus upgrades, multi-factor authentication and Firewall as a Service (FWaaS) deployments. As a result, relatively few organizations initiated or executed projects in critical areas like identity governance, Zero Trust, data analytics, AI/machine learning and SASE implementations.

The survey also documented key challenges that organizations face in strengthening their security posture.

  • 55% rank lack of automation as the No. 1 challenge in security operations and management, reflecting their inability to manually analyze and respond to the flood of notifications and events generated by today’s increasingly complex security infrastructure. The problem is exacerbated by factors including the disparate toolsets involved, outdated technology lacking the APIs to support automation, and the time and advanced skill sets required to implement automated processes.
  • Only 27% of respondents expanded security staff in 2020 – down slightly from 30% in 2019 – leaving IT teams stretched extremely thin and without many of the specialists required to execute the wide range of tasks necessitated by the year’s evolving threatscape; 41% plan to begin or resume staff expansion this year.
  • Just 57% conducted a data security risk assessment in 2020 despite the need to reevaluate their security posture in the face of new threats associated with the pandemic. Limited manpower and resources as IT teams addressed emergency security measures likely prevented this critical step in aligning security priorities with current conditions.

“Entering 2020, organizations were in the midst of addressing security challenges associated with the increasingly distributed IT landscape spanning Cloud, edge and on-premises environments. These challenges greatly intensified with the rapid work-from-home expansion brought on by the pandemic,” says Shawn O’Grady, senior vice president and general manager, Cloud + Data Center Transformation, Insight.

O’Grady continues, “This survey shows that organizations made strides to address gaps and integrate cybersecurity into business, operational and IT infrastructure decisions, but there is still an enormous amount of work to be done. Bolstering security postures is a complex and continual effort. This is the work we do every day for organizations across all industries.”

Complete survey results are available here.

The post Most IT Leaders Lack Trust in Their Company’s Cybersecurity Posture appeared first on Security Sales & Integration.



from News – Security Sales & Integration https://www.securitysales.com/research/leaders-lack-trust-cybersecurity/
via IFTTT

Comments

Post a Comment

Popular posts from this blog

Total Tech Summit Puts Call Out for Top Integrators to Apply Now

Image
FRAMINGHAM, Mass. — Total Tech Summit announces that applications are now being accepted to attend this year’s event. Comprised of the  SSI Summit, CE Pro Summit and Commercial Integrator Summit, this year’s event will take place in Las Vegas at the MGM Grand Hotel and Casino, Nov. 13-15. At this all-expense-paid, exclusive event, VIP guests will have the chance to sit in on industry-defining sessions, key boardroom presentations, and be able to meet one-on-one with potential vendors. Total Tech Summit brings together the best in class to share ideas, learn from others, and most importantly, accelerating the next stage of their businesses. It is the only event of its kind that bridges channels and connections by bringing together professional security, commercial AV and residential AV integrators. Another perk of the Total Tech Summit is the VIP Peer-to-Peer groups. These group conversations take place throughout the months leading up to the event and are guided by the editors of t
Read more

Top 10 Security Stories From October 2021: China Ban Gains Steam, Vivint Countersues ADT

October saw its fair share of legal issues and acquisitions. This month, lawsuits involved home security companies, a gunshot detection provider and even a media company. Vivint Smart Home is seeking retribution for the lawsuit ADT filed against it last year that alleged Vivint salespeople go to ADT customers’ homes, get them to sign Vivint contracts and install the company’s alarm systems in their homes under false pretenses. Vivint had requested a motion to have that lawsuit dismissed, but when the judge denied the motion, Vivint launched a countersuit claiming it is in fact ADT that is deceiving and stealing its customers. Gunshot detection provider ShotSpotter filed a lawsuit against media company Vice, alleging it is profiting off of fabricated claims. Vice has been critical about ShotSpotter’s technology in a multitude of articles. Though not a lawsuit, Dahua and Hikvision continue to feel pressure from the U.S. government as it considers a new measure that would make it imp
Read more

Minnesota AG Calls for Cancellation of Home Security Contracts for Alleged Fraud

STEARNS COUNTY, Minn. — Bring Me the News reports that Minnesota’s Attorney General, Keith Ellison, says he’s gotten consumers in Stearns County out of home security contracts after they were misled by a door-to-door salesman. According to the report, Ellison’s office announced that home security companies Skyline Security Management and Safe Home Security have agreed to their cancel contracts with customers in and around Stearns County who purchased their systems from door-to-door salesman Gary Harvey. “Door-to-door salesmen and their employers are in the business of trust-building,” Ellison said in a statement. “They know they need to have your trust to sell you their products, particularly expensive products like security systems that are supposed to keep your home safe. When that trust is betrayed, it’s emotionally and financially painful. I appreciate Skyline and Safe Home taking the right step in canceling these contracts while my office does what we can under the law to hold M
Read more