The second annual security survey from BMC and Forbes Insights has found that known security vulnerabilities are still the leading cause of exposure to data breaches and cyberthreats. Although there are patches available to fix most known vulnerabilities, it’s often a challenge to prioritize which systems to fix first, as different departments have different priorities, and managers are often fearful that the patching process will lead to downtime, thus decreasing productivity.
Responding to these concerns, the survey shows that for 82 percent of respondents security investments will rise in 2017, with much of that spending dedicated to a renewed focus on patching known vulnerabilities. According to the survey, 64 percent of respondents will increase their efforts to protect against and respond to known security threats over the next year, and 43 percent will redouble their efforts in timely patching and remediation. For many, investments in IT and patch automation systems delivered the best return on investment among security technology purchases in 2016.
A Disconnect Between Security and Operations
While the survey indicates that many organizations realize the importance of paying sufficient attention to patching known security vulnerabilities, there’s still a significant gap in communication between security and operational teams. Often, the efforts of these two teams are out of sync, even though these are the groups that determine the overall strength of an organization’s security strategy. Bill Berutti, president of security and compliance for BMC, said in a press release, “Businesses need to tear down security and operations walls — or keep getting hacked.”
Where security and operations exist in silos, it can create an impasse between operational teams and middle management. One of the problems uncovered by the survey is the reliance on traditional reporting structures in many organizations: In 43 percent of organizations surveyed, CISOs report to the CIO, even though more than a quarter of respondents believe this structure is ineffective and causes security to be viewed as an IT issue, rather than a business asset.
Almost two-thirds of respondents believe that security would be improved if security and operations teams worked in greater collaboration, with operations staff given greater responsibility for remediating known security vulnerabilities within established service level agreements. To provide greater transparency over security operations, CISOs should be moved out from under the control of the CIO. This gives equal priority to the concerns of IT operations and security groups, and ensures that known vulnerabilities can be prioritized accordingly.
As businesses continue to keep cybersecurity top of mind, it’s crucial for all departments to communicate effectively to ensure vulnerabilities can be dealt with swiftly and efficiently.