In the past years, along with the rapid rise of IT threats, that create greater and greater challenges and become more complex and diverse, the trust that organizations place in their own security systems has seen a serious downfall. According to Cisco 2016 Annual Security Report, 92% of the executives admit that they are no longer certain of the strengths of their companies when it comes to IT security.

The fact that companies are quickly beginning to realize the risks they are exposed to is noticeable when observing the order of top-management priorities, which has been changed:

  • 48% out of the interviewed executives said that IT security is a mandatory task for them;
  • 41% admitted that they started showing greater interest to this delicate matter than they did along the past years.

This radical change of view is further sustained by the fact that over 90% of the people interviewed during the Cisco study have deliberately insisted on receiving more information on this matter. It is a perspective especially outlined by the managers of financial departments, which are pointing out the fact that creditors and regulation authorities demand more transparency when it comes to the risks they are exposed to.

The top-managements’ “reluctance” is confirmed by the IT security managers  of the companies – in the year 2016, only 45% of these still afford to trust in the security of the systems they are using. A slight decrease when compared to past years: 59% in 2015 and 64% in 2014.

It is a justified stance if we look at the problem through the prism of the example that 92% out of the devices connected to the Internet have known soft spots (the average being somewhere around 26 weaknesses per device).

This situation becomes critical when looking at the old IT infrastructures in use, where 31% of the devices no longer benefit from updates and 5% are at the end of their life cycle.

According to the study made by Cisco on a sample of 2.400 organizations coming from 12 countries, the main restrains of the IT departments when it comes to security upgrades are based on:

  • Budget constrains – 39%;
  • Compatibility problems – 32%;
  • Certification requirements – 25%;
  • Competing priorities – 24%;
  • Current workload too heavy – 24%;
  • Lack of knowledge – 23%;
  • Organizational culture/attitude – 23%;
  • Lack of trained personnel – 22%.

Budget constrains consist a major obstacle for organizations with a low maturity level, being quoted by 48% of these (compared to the average of 39%). It is a scenario commonly seen with SMB type companies, which tend to underestimate the importance of IT security becoming a target among partnerships.

As an example, the study made by Cisco brought up the fact that, in 2015, the number of SMB organizations using web security solutions decreased by 11% (from 59% in 2014, to 48% last year), by 10% when it came to using configuration tools and automatic updates (from 39% to 29%) and by 8% in the case of using weakness scan solutions (from 48% to 40%).

The decrease in concern towards security – and, by default, of the available resources for this department – amongst medium and small scale companies is justified by their top-manager by answering that they do not consider their own organization an appealing target for possible attackers. An average of 24% of the companies with less than 1.000 employees view themselves as “not worth of interest”, compared to a sparse of 15% out of the organizations with more than 1.000 employees.

The above mentioned restrains explain why outsourcing is a strategy becoming common with more and more organizations. In order for them to compensate on their lacking points, a larger number of companies – unrelated to their size – call out to security services providers, at the spearhead of the applicants being: consulting services, real time monitoring services, security audits and incident response services.

Outsourcing is a noticeable trend especially with medium and small companies: according to the report, last year, 23% of the SMB organizations outsourced their security component (compared to 14% in 2014). The main reasons for the companies of this scale to call out towards security services providers are: efficient cost management (45%); a smaller response time in the case of security incidents (45%); lack of human resources and software/hardware (31%); lack of experience (30%).

Faced with the rapid rise, in both number and difficulty of the challenges the organizations are confronted with, Cisco suggests an integrated approach, based on a security architecture and the renouncing of the principle of “See a problem, buy a box.”, which poses a rise in the level of disparity and makes potential risk matters harder to notice. In this scenario, the summons for security integrators with actual experience and abilities in the security branch becomes an obvious “must” for organizations with multi-vendor infrastructures wishing to increase their protection levels by the optimization and viability of their investments.

Learn more about Datanet Systems’ portfolio, in the dedicated section.

For more details please contact:
Gabriel Mușat
Technical and Marketing Manager