New research suggests that CIOs and CISOs around the world have held back from implementing critical security measures. According to a survey conducted by Tanium, an Emeryville, California-based security platform vendor, 81 percent of respondents said that they have refrained from adopting an important security update or patch, due to concerns about the impact it might have on business operations. More than half reported they had done so on more than one occasion.
The Global Resilience Gap study discovered that a lack of visibility across endpoints – laptops, servers, virtual machines, containers, or cloud infrastructure – is preventing organizations from making confident decisions, operating efficiently, and remaining resilient against disruptions. Almost one-third (32 percent) of respondents said that departments and business leaders work in silos, leaving them with a lack of visibility and control over IT operations. And this has directly affected the business, with the majority (80 percent) of CIOs and CISOs having found out that a critical update or patch they thought had been deployed had not actually updated all devices.
In addition to visibility issues, 94 percent of the respondents said that they have to make compromises in how well they are able to protect their organizations from disruptions to technology, including cyber threats and outages. When asked about the key reasons for making these compromises, one-third of those surveyed cited pressure to keep the lights on, with almost one-third suggesting that a focus on implementing new systems takes precedence over protecting existing business assets. Over a quarter said that being hamstrung by legacy IT commitments restricted their security efforts, and 23 percent suggested that internal politics was the key driver.
A lack of understanding of the need for business and technology resilience among other leaders across an organization was identified as a key factor in pressuring CIOs and CISOs to make compromises in their efforts to maintain resilience against disruption. Almost half (47 percent) of the CIOs and CISOs surveyed said that they face challenges because other business units do not grasp how important technology resilience is to the company.
“Our research shows that CIOs and CISOs are having to hold off on making crucial updates due to concerns about the impact it might have on business operations,” said Tanium CTO Ryan Kazanciyan. “Given that global cyber-attacks such as WannaCry were catalyzed by poor security hygiene, organizations need to ensure that they can confidently effect change to protect critical assets, monitor impact, and recover from the unexpected.”
Tanium commissioned independent market research specialist Censuswide to undertake the study. In total, 504 Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) in companies of 1000+ employees in the UK, US, Germany, France and Japan were surveyed in Q4 2018.
As organizations look to build a strong security and compliance culture, it is essential that IT operations and security teams unite around a common set of actionable data for true visibility and control.