IT outages can cause severe business damage in hours
A new survey finds that 83 percent of companies would suffer business damage during the first 24 hours of an outage and its aftermath.
The study from Dimensional Research on behalf of Netenrich also uncovers a number of contradictions in enterprises' attitude to scaling their security operations.
When looking to upgrade their security posture, 67 percent are focused on tools upgrades yet tools integration (55 percent), lack of tools expertise (52 percent) and tool sprawl (41 percent) are cited as the biggest pain points.
While security teams want to carry out more proactive and risk-driven operations, like risk management (37 percent), incident analysis (34 percent), threat modeling (29 percent), in fact they spend most of their time doing basic and reactive security tasks, like updating patches (43 percent), researching and analyzing critical incidents (41 percent) and removing false positives (40 percent).
"Organizations fail to shift to a proactive approach that prioritizes security defenses around the most likely, highest business-impacting attack vectors," says John Bambenek, primary threat researcher at Netenrich. "Security teams need to start evaluating business risk based on the likelihood of attack success and mapping that attack success to what it would actually cost the business. Focus on the critical issues that matter most to reduce the attack and outage impact."
Among other findings, less than 40 percent of firms are performing threat modeling. Only 16 percent conduct threat modeling on a daily basis and 31 percent only do so weekly. Just 30 percent practice external attack surface management.
"Our industry has taken an IT internal view to security rather than an attack external view of security," adds Bambenek. "Organizations need to shift mindsets, adopt a managed risk, not an IT-based, approach. Security operations need to be data-driven and predictive where continuous threat modeling runs at its core. This is where companies like Netenrich can help."
The report is available from the Netenrich site and you can register for a webinar to discuss the findings, to be held on November 10 at 10am PT.
Image credit: karenr/depositphotos.com