BMC and Forbes Insights Survey Reveals Known Vulnerabilities are the Leading Cause of Exposure to Data Breaches and Cyber Threats
Sixty percent of C-level execs see disparate priorities of Security and IT Operations 'SecOps' as a gap that may lead to data loss, production downtime and reputation loss
HOUSTON — January 12, 2016 — BMC, the global leader in software solutions for IT, in association with Forbes Insights today released results from a security survey of more than 300 C-level executives revealing that known vulnerabilities are the leading cause of exposure to data breaches and cyber threats. The report also confirms a significant gap between the security and IT operations (SecOps) teams, which is contributing to unnecessary data loss, production downtime, and potential reputation damage.
The survey revealed that 44 percent of security breaches occur even when vulnerabilities and their remediations have previously been identified. Simply stated, it takes far too long to fix a vulnerability once a patch becomes available. When asked why, 33 percent of executives stated it was challenging to prioritize which systems to fix first, since the security and operations teams may have different priorities.
While the joint efforts of security and IT operations ultimately determine an enterprise's security strength, the individual goals of these two groups are often out of sync. The biggest areas of risk for an enterprise are outdated and poorly synchronized internal procedures that thwart efforts to quickly defend against known threats.
When asked about the challenges faced by IT and security, 60 percent of executives surveyed said the IT operations and security teams have only a general or little understanding of each other's requirements. Yet nearly half don't have a plan in place for improving the coordination between these two groups.
"Today, it often takes companies months to remediate known vulnerabilities – exposing them to potential breaches for six months or more as they work to resolve known threats," said Bill Berutti, president of the cloud, data center and performance businesses at BMC. "To discover, prioritize and fix vulnerabilities quickly calls for improved coordination between the security and IT operations teams. Narrowing the SecOps gap is critical to protecting an organization's brand and also ensures customer confidence in the ability for the business to protect its information."
As companies prepare for 2016, CIOs need a plan to address the SecOps gap. The report recommends a number of actions, including:
- Create cross-functional working groups to share security, compliance, and operational concerns while implementing regular meetings to build loyalty and trust.
- Develop collaborative workflow processes that smooth interactions of security, IT operations and compliance personnel.
- Replace error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralized information management tools.
"Given the number of information security vulnerabilities that exist in the world today, security and IT operations can benefit tremendously from tighter collaboration and more efficient workflow," said Michael Allen, chief information security officer at Morningstar, Inc. "Closing the SecOps gap and implementing an integrated approach to automate information security processes greatly improved data security at Morningstar."
"In light of increasingly sophisticated threats, it is time to rethink the traditional, departmentalized, siloed approach to security," said Chris Christiansen, program vice president, Security Products and Services at IDC. "CIOs must hold both security and IT operations groups accountable for identifying and fixing issues quickly and integrate security and IT operations activities to further protect their organizations."
The data in the report is derived from a survey of 304 executives from a range of industries in North America and Europe, conducted by Forbes Insights in fall 2015. Half were located in North America and half in Europe. All respondents were from companies with at least $100 million in annual revenue; 27 percent were from companies with revenue between $1 billion and $5 billion; 23 percent had revenue of $5 billion or more.
To read "The Game Plan for Closing the SecOps Gap" report, visit www.bmc.com/info/secops-survey.html.
BMC is a global leader in software solutions that help IT transform traditional businesses into digital enterprises for the ultimate competitive advantage. Our Digital Enterprise Management set of IT solutions is designed to make digital business fast, seamless, and optimized. From mainframe to mobile to cloud and beyond, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide intuitive user experiences with optimized performance, cost, compliance, and productivity. BMC solutions serve more than 10,000 customers worldwide including 82 percent of the Fortune 500.