Marc Guardiola CTO
14 June 2023

The illusion of cybersecurity

Why IT professionals are overconfident and organisations remain vulnerable

Some recent security news: the data of hundreds of thousands of people was stolen from a company in Haarlem, the website of the States General was shut down by a DDoS attack, and a housing corporation paid thousands in ransom money after a ransomware attack. Cyber secure? Not so much. Yet 63.1% of IT professionals think their organisation is sufficiently resistant to cyber attacks, as our own recent survey report, ‘Smarter Security’ shows. But is this certainty justified?

After our report in 2020, we carried out a second survey to assess how Dutch IT professionals rate the resilience of their organisations. Has the situation improved in recent years? The results paint a similar picture. In 2020, no less than 70.3% of the companies surveyed thought they were sufficiently resilient. That was somewhat naive of them because basic measures such as patching were often not up to standard. Even now, with nearly 300 cyber attacks per week according to the Dutch Chamber of Commerce, there are lingering uncertainties surrounding the disparity between perception and reality.

Look beyond your audit

The first requirement for a secure IT environment is awareness. 69.7% of IT professionals surveyed know their organisation’s vulnerabilities and say they have taken measures to address them. However, that means almost one in three organisations still haven’t got their act together in this respect, so there’s still plenty of room for improvement. The survey also shows that most companies still don’t use more advanced monitoring tools, such as IDP and SIEM solutions.

Another problem is relying strongly on audits (55.9% of the surveyed organisations) to assess an organisation’s resilience. That’s because much can change between these snapshots, especially given today’s lightning-fast technological developments. Continuous cybersecurity testing is therefore much needed, using techniques such as application code testing and vulnerability scanning.

To patch or not to patch

The speed at which patches and updates are implemented gives an indication of how organisations actually handle their vulnerabilities. Cybercriminals gratefully exploit known vulnerabilities in IT systems that aren’t fixed, or not fixed in time. However, 84.6% of respondents sometimes decided not to install patches and updates for reasons such as the difficulty of assessing the impact on the organisation properly or simply a lack of time.

This is understandable if an organisation still has lots of legacy applications in-house, but ultimately there are few valid reasons to wait. It’s often a symptom of a wider malaise, such as inadequate lifecycle management, and it’s much better to address these underlying problems.

Although patching is still often put on hold, there is more awareness of its importance. Resistance is decreasing, particularly among management. Whereas patching wasn’t implemented in 37.8% of cases in 2020 because management was worried about business continuity, that figure has since decreased sharply to 16.7%.
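Turning "patch speed" into a number you can track is the practical side of the point above. The following is an added example, not code from Solvinity or from the survey report: it takes a constructed asset inventory (asset, advisory id, severity, advisory publication date, patch date or None), measures the time-to-patch for each entry, compares it against per-severity deadlines (the `SLA_DAYS` values are assumptions, not figures from the report) and summarises how many entries are open, how many breached their deadline, and what share of the estate was fixed in time. Placeholder advisory ids such as `ADV-0001` are invented for the sample.

```python
from datetime import date

# Assumed per-severity patch deadlines in days (not from the report).
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}

# Constructed inventory: (asset, advisory, severity, published, patched or None).
INVENTORY = [
    ("web-01",     "ADV-0001", "critical", date(2023, 5, 1),  date(2023, 5, 4)),
    ("web-02",     "ADV-0001", "critical", date(2023, 5, 1),  None),
    ("db-01",      "ADV-0002", "high",     date(2023, 4, 20), date(2023, 5, 20)),
    ("legacy-erp", "ADV-0003", "medium",   date(2023, 3, 1),  None),
    ("file-01",    "ADV-0004", "low",      date(2023, 5, 10), date(2023, 5, 12)),
]


def patch_lag_days(published, patched, today):
    """Days between the advisory and the fix; open items are measured up to today."""
    end = patched if patched is not None else today
    return (end - published).days


def assess(inventory, today):
    """Return one record per inventory entry with its lag and deadline status."""
    report = []
    for asset, advisory, severity, published, patched in inventory:
        lag = patch_lag_days(published, patched, today)
        deadline = SLA_DAYS[severity]
        report.append({
            "asset": asset,
            "advisory": advisory,
            "severity": severity,
            "lag_days": lag,
            "deadline_days": deadline,
            "status": "patched" if patched is not None else "open",
            # An open item counts as breached as soon as today is past the deadline.
            "breached": lag > deadline,
        })
    return report


def summarise(report):
    """Aggregate the per-entry records into the figures management tends to ask for."""
    total = len(report)
    open_items = sum(1 for r in report if r["status"] == "open")
    breached = sum(1 for r in report if r["breached"])
    within_sla = sum(1 for r in report if r["status"] == "patched" and not r["breached"])
    patched_lags = [r["lag_days"] for r in report if r["status"] == "patched"]
    return {
        "total": total,
        "open": open_items,
        "breached": breached,
        "within_sla_rate": within_sla / total if total else 0.0,
        "mean_patched_lag_days": sum(patched_lags) / len(patched_lags) if patched_lags else 0.0,
    }


def overdue(report):
    """Names of entries past their deadline, worst lag first: the list to act on today."""
    return [r["asset"] for r in sorted(report, key=lambda r: -r["lag_days"]) if r["breached"]]


if __name__ == "__main__":
    today = date(2023, 6, 14)
    rows = assess(INVENTORY, today)
    for r in rows:
        flag = "BREACH" if r["breached"] else "ok"
        print(f'{r["asset"]:<11} {r["severity"]:<9} {r["status"]:<8} '
              f'{r["lag_days"]:>4}d / {r["deadline_days"]}d  {flag}')
    print(summarise(rows))
    print("overdue:", overdue(rows))
```

Run against a real inventory, the `overdue` list is the queue to work through, and the `within_sla_rate` is the figure that says whether "we patch in time" is a fact or a feeling; the survey's recurring reason for skipping patches, uncertainty about impact, shows up here as long-running open entries on assets such as the legacy system in the sample.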

Capacity gets in the way of security

A positive development: in recent years, the perception of security has moved from being nice-to-have to a must-have. However, it’s worrying to note that the concept of ‘lack of capacity’ runs as a common thread through the survey results. More than 20% of respondents said there was insufficient capacity to patch in a timely manner, and for 42.1%, getting the necessary knowledge on board is a top priority.

IT talent is scarce, and the resources available are limited. As a result, you have to constantly make trade-offs: do you put your limited capacity into security, innovation, or business growth? This can be a good argument for IT outsourcing. By leaving the technical management of infrastructure and corporate networks to an external company, you free up the time, knowledge and experience of your internal teams to strengthen your competitive position. Remember, however, that this technical management requires specialist knowledge. Costs have to be kept under control, and you have to get security in the cloud right from the start.

Releasing internal teams from this task also brings peace of mind, so when the next Solvinity survey comes out, you can legitimately state that your organisation has excellent resilience to cybercriminals.

Download the full report with key findings and opportunities to further secure your IT environment against cybersecurity risks.

Need more insight into effective cybersecurity measures? Interested in how to deal with capacity shortages or better allocate your IT budget? Or are you worried your cybersecurity isn’t up to date? Solvinity is happy to share its thoughts with you and help you find a suitable solution. Feel free to contact us for more information.
