As Cloud Looms, Security Tops IT Resilience Investment

As Cloud Looms, Security Tops IT Resilience Investment

When it comes to investments in IT resilience, cybersecurity initiatives top the to-do list for most IT departments, as cloud leads the way as the No. 1 threat concern.

According to Syncsort’s 2018 State of Resilience report, which surveyed 5,632 IT professionals globally, ongoing, high-profile hacking attacks, data breaches, disruptive natural disasters and escalating storage and data accessibility needs are top concerns for most businesses. Overall, security is the top initiative that most companies will pursue in the next 24 months (49%). The majority of professionals chose virus protection (71%), malware protection (67%), patch management (53%), and intrusion detection and prevention (IDP, 52%) as their top organizational investments in security today.

IT pros see cloud as the top security challenge: The report found that IT leaders are entrusting critical applications to the cloud, but with concerns. About 43% identify it as their top security challenge for the coming year.

“Certainly, the shared resource pools and always-on features of cloud have introduced the possibility of new security breaches – including data loss, weak identity management, insecure APIs, denial of service attacks, account hijacking and advanced persistent attacks, which infiltrate systems over a period of time,” the firm said in the report. 

The second greatest perceived challenge for IT departments is the increasing sophistication of attacks (37%). “Cunning criminals have sharpened their craft, conducting exploratory raids over months, invading systems, hiding their tracks, and deploying malware that can fool customers with bogus messages or extract and steal valuable data – the lifeblood of most companies.”

Ransomware meanwhile appeared as the No. 3 challenge confronting respondents, though Syncsort’s analysis was dubious as to the actual impact: “IT professionals are naturally aware of this phenomenon, as a result of worldwide media coverage. Yet, a considerable majority of professionals in this study had never been attacked by ransomware or were not aware that they had been; a miniscule number had paid to get data back, as mentioned in a subsequent section of this report. It remains to be seen whether ransomware is the flavor of the moment or will be a recurring trend.”

Despite these concerns, internal security audits are infrequent, the report found. Nearly two-thirds of companies perform security audits on their systems, but the most common schedule was to do it on an annual basis (39%). Another 10% of respondents audit every two years or more, which, given an ever-changing IT environment, could expose a company to risk.

The report also found that data sharing is seen as critical but challenging. About half (53%) of companies surveyed have multiple databases and share data to improve business intelligence, largely through scripting (42%), followed by backup/restore/snapshot processes and FTP/SCP/file transfer (38% each). The average company uses two different methods, adding to the complexity. In turn, this bolsters security concerns.

“IT leaders are under immense pressure to provide an enterprise infrastructure that can sustain severe threats and secure vital information while enabling data accessibility and business intelligence,” said Terry Plath, vice president, Global Services, Syncsort. “Business resilience requires the right mix of planning and technology, and this survey did a thorough job of uncovering how businesses are tackling this increasingly complex and multi-faceted challenge.”

Source: Information Security Magazine