Companies Suffer Crippling Business Damage During First 24 Hours of IT Outage
November 15, 2021
Share this

Most (83%) companies would suffer business damage during the first 24 hours of an outage and thereafter, according to Pivoting to Risk-Driven Security Operations, a report from Netenrich based on a global survey of IT and security professionals.


The survey also revealed interesting findings and contradictions when it comes to scaling security operations:

■ When looking to upgrade their security posture, 67% focused on tool upgrades yet organizations found that tool integrations (55%), lack of tool expertise (52%) and tool sprawl (41%) were their biggest pain points.

■ While security teams aspire to do more proactive and risk-driven operations, like risk management (37%), incident analysis (34%), threat modeling (29%), they spend most of their time doing foundational and reactive security tasks, like updating patches (43%), researching and analyzing critical incidents (41%) and removing false positives (40%).

Security teams are trapped doing the same thing they have been doing for years — reactive security. They're adding more tools, needing more resources and chasing thousands of alerts while lacking the contextual data and prioritization that's highly needed.

"Organizations fail to shift to a proactive approach that prioritizes security defenses around the most likely, highest business-impacting attack vectors," said John Bambenek, Primary Threat Researcher at Netenrich. "Security teams need to start evaluating business risk based on the likelihood of attack success and mapping that attack success to what it would actually cost the business. Focus on the critical issues that matter most to reduce the attack and outage impact."

The survey finds that companies want to do more threat modeling, incident analysis and risk management, however, very few employ it or even know how:

■ Less than 40% perform threat modeling.

■ Less than half conduct threat modeling on a daily (16%) or weekly basis (31%).

■ Only 30% practice external attack surface management.

"Our industry has taken an IT internal view to security rather than an attack external view of security," adds Bambenek. "Organizations need to shift mindsets, adopt a managed risk, not an IT-based approach. Security operations needs to be data-driven and predictive where continuous threat modeling runs at its core."

Other key findings from the report include:

■ 80% of companies have 30% or less of their IT budget dedicated to security.

■ Companies experienced minimal security budget increases despite growing IT demands as a result of remote work shifts and COVID impact: 19% reported no increases to security budgets, 29% received less than 10% budget and 8% received 50% or more budget increase.

■ Companies looked to MSPs to augment their security operations: 47% rely on managed services to run their ops entirely or in hybrid arrangements.

■ MSPs have an opportunity to expand their services by offering advanced, risk-based security and threat modeling services: only 17% of MSPs are offering threat modeling.

Methodology: Administered by Dimensional Research, a total of 333 qualified global IT and security professionals participated in the survey and carried enterprise security responsibilities at medium to enterprise-sized companies.

Share this

The Latest

November 23, 2021

The holidays are almost upon us, and retailers are preparing well in advance for the onslaught of online consumers during this compressed period. The Friday following Thanksgiving Day has become the busiest shopping day of the year, and online shopping has never been more robust. But with supply chain disruptions limiting merchandise availability, customer experience will make the difference between clicking the purchase button or typing a competitor's web address ...

November 22, 2021

The 2021 holiday season will be an inflection point: As the economy starts to ramp up again while the country still grapples with the pandemic, holiday shopping will be the most digital holiday season in history by a long shot ... The work must begin months before, as organizations learn from the year prior and take steps to improve experiences and operations, fine-tune systems, plug in new data sources to enrich machine-learning algorithms, move more workloads to the cloud, automate, and experiment with new tech. These efforts culminate in "API Tuesday" ...

November 18, 2021

Most (83%) of nearly 1,500 business and IT decision makers believe that at least 25% of their workforce will remain hybrid post-pandemic, according to the Riverbed | Aternity Hybrid Work Global Survey 2021. While all indicators signal hybrid work environments are the future, most organizations are not fully prepared to deliver a seamless hybrid work experience ...

November 17, 2021

The results of the 2021 BMC Mainframe Survey highlight the consistent positive growth outlook as seen in recent years, with 92 percent of respondents viewing the mainframe as a platform for long-term growth and new workloads, and 86 percent of extra-large shops expecting MIPS (millions of instructions per second) to grow in the coming year. This is not surprising, considering the disruptive nature of the modern digital economy ...

November 16, 2021

With an accelerated push toward digital transformation, organizations everywhere are trying to find ways to work smarter, not harder. A key component of this new model is finding ways to automate business processes — freeing up employees to focus on more strategic, valuable work and improving customers' experiences. Today's enterprise IT leaders have many options to help drive automation initiatives — from digital process automation and artificial intelligence (AI) to enterprise content management and robotic process automation (RPA) ...

November 15, 2021

Most (83%) companies would suffer business damage during the first 24 hours of an outage and thereafter, according to Pivoting to Risk-Driven Security Operations, a report from Netenrich based on a global survey of IT and security professionals ...

November 10, 2021

More than half (60%) of workers said new software had occasionally or frequently frustrated them within the past 24 months, according to a new survey by Gartner ...

November 09, 2021

Everyone laments technical debt like it were a high-interest credit card. But just like how your CFO uses debt as capital for the business, the intelligent Product Manager knows that technical debt can help finance your path to market if you know how to manage it well ...

November 08, 2021

Artificial intelligence (AI) may be the brains, but when the market hears the term "AIOps," it puts automation in the mix. After all, what is the use of knowing without doing? ...

November 03, 2021

How do you ensure your journey to automated IT Ops is streamlined and effective, and not just a buzzword? ...