Businesses “woefully unprepared” for cyber breaches due to lack of IT security and ops basics

1E, the endpoint management and security company, has published ‘Getting Your House in Order’. The document contains research findings that showcase the considerable scale of security breaches and the challenges businesses still face surrounding cyber attacks. The detailed report concludes with a ten-point Action Plan for businesses compiled by cyber security expert Michael Daniel.

With digital transformation on the rise and technology massively outpacing policy, companies must take the lead when it comes to securing their estates. While cyber security has received much fanfare – with global spend predicted to exceed $1 trillion through 2021 – the biggest gaps continue to endure in plain sight.

Commissioned in partnership with Vanson Bourne, 1E’s independent study polled 600 IT decision-makers (300 from IT operations and 300 specialists in IT security) from across the UK and the US. The research discovered that over three-quarters (77%) believe that they’re not extremely well prepared to react to a serious data breach. Over half (60%) have experienced a serious security breach in the last two years (31% more than once) and eight-in-ten claim that digital transformation increases cyber risk.

Fewer than a quarter (23%) believe that the IT operations and IT security teams work together extremely well to secure the business. Nearly all (97%) believe that their organisation would benefit from better collaboration between these teams. On average, respondents have visibility of 64% of their organisation’s total software estate. Only 66% of this software is current.

Over three-quarters (77%) say that remote working will continue to be a security concern until organisations can find a way to effectively reach, patch and secure remote workers. The majority of respondents demand an investment increase in areas such as software migration automation (80%), breach response and remediation (67%) and/or software patching (65%).

Deferred responsibility

Sumir Karayi, CEO at 1E, stated: “Businesses are losing control of their estates because of fundamental issues such as the widening gap between IT operations and IT security and deferred responsibility.”

There’s also a lack of understanding of where the security focus should be. While budget can easily be allocated to the sector, Karayi observed: “CIOs have the challenge of explaining the pivotal need for areas like patching, which can feel mundane. Without this hygiene, companies must constantly defend against new vulnerabilities or risk a major breach. This creates a phenomenon called the ‘Software Arms Race’: an unabated competition between exploiters and the entire software industry. Set on a continuous loop, one creates an issue, the other builds defences.”

Experts at major companies are weighing in on these issues. Kurt De Ruwe, CIO of Signify (previously Philips Lighting), urged: “IT operations and IT security teams must work together, agree upon aims and create a shared toolset. When something does go wrong, don’t play the blame game. If you point a finger, there are usually three fingers pointing back. Use your collective energy to solve the problem instead.”

Looking wider, De Ruwe believes that new technology is an important way to better empower IT operations. “Live information is really important because viruses, phishing attacks and all these things happen from moment to moment so you need to be able to react quickly. There was a time that you could afford to wait a week or two before you had the information. Today, real-time information makes all the difference.”

*To download a full copy of the survey results visit:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
