2016 was a year of surprises. The continued growth of hacking incidents with their devastating trail of destruction was among the more shocking developments. It brought cybersecurity concerns to the center of every conversation. Many an IT executive has suffered sleepless nights as they tried to figure out how they could protect their organization and their customers while delivering rapid innovation across an intricate web of scenarios.
At BMC, we are helping our customers evaluate their current security posture, so they can identify strengths and weaknesses in their ability to prevent, detect, and respond to threats. We then help them build out a plan to begin their journey towards a more modern set of tools and processes that can provide the scale, flexibility, and agility they need in the digital era. Part of our commitment to this endeavor is to partner with industry experts to discuss what is working and what’s not so we can push the thinking on how to solve these problems that no one can afford to ignore.
Today we are releasing the 2nd Annual Security survey done with Forbes Insights titled “Enterprises Re-Engineer Security in the Age of Digital Transformation.” Over 300 senior executives were surveyed to examine how organizations continue to evolve and invest to protect themselves and their customers. Below are some highlights of our findings:
69% say digital transformation is forcing changes to security strategies
Unsurprisingly, digital transformation is one of the leading causes of disruption in security practices. Sean Pike of IDC said “The key word here is ‘distributed.’ We have distributed workloads, distributed office environments, employees who are distributed, devices that are distributed…As a result, data is constantly flowing in and out of organizations, which in turn means enterprises must protect data wherever it is at any time.” As we go into 2017, organizations are going to have to prioritize data protection practices and policies.
64% will boost spending to protect against known security threats
Protect yourself against known threats. It seems fairly obvious, but it’s harder than it sounds for most organizations. The scale, complexity, and speed that organizations are coping with makes addressing known vulnerabilities a challenge. As a result, 43% will make timely patching and remediation a higher priority in 2017. The good news for organizations in this group is that patching and remediation tools are regarded as those with the highest ROI.
68% plan to enhance incident response capabilities in the next 12 months
Once you protect yourself from the known, you move to the unknown. Given the myriad ways that hackers penetrate organizations, it’s all but impossible to be breach-proof. With this in mind, organizations need to focus on how they identify issues quickly, limit damage, and respond effectively. “Here’s the reality: your organization doesn’t get bad press because you let bad guys into your network. It’s because of what they stole once they broke in,” says Paul Lewis, chief technology officer for Hitachi Data Systems. A strong guiding principle is that enterprises should avoid as many incidents as possible by eradicating the known risks with systematic and effective execution. This frees up resources to work unexpected issues, while giving them a rapid execution model to deploy changes.
Operations teams are seeing heightened accountability for security breaches
Who is accountable? It’s a key question in any organization. In last year’s survey we explored the relationship between security and operations teams and found that most executives felt that a tighter relationship between them would improve the security of the organization. Over the past year, operations teams have seen an increase in accountability for security. Specifically, the operations team is now evaluated against their ability to apply patches for known vulnerabilities within established service level agreements with the security team.
Are you ready for 2017?
At BMC we are committed to continue to innovate and to help organizations protect themselves against attacks. The bottom line is that the frequency and severity of attacks will continue to rise until something significant is done. The time for action is now.