Seeking to maintain competitive advantage, gain market share and satisfy evolving customer demands, businesses around the globe are pursuing digital transformation. And that digital transformation is forcing reevaluation of cybersecurity strategies, according to a new study by BMC and Forbes Insights.
One of the more significant changes, says Brian Downey, senior director of Product Management, Security Operations and Automation at BMC, is that operations are increasingly being held accountable for security — the study found 52 percent or respondents indicated that accountability for security breaches had increased for their operations teams.
"When I look at it, I think that given the amount of risk out there in the world today and the amount of angles they're getting attacked from, businesses are demanding an increasing level of accountability," Downey says. "In my mind, the operations team is the one that has control over shutting and locking the windows. That's their role. More and more customers feel that way."
Changing security strategies
"The big change that's accelerating this trend is that shift to modern architectures," Downey adds. "Sixty-nine percent of executives were saying this digital transformation is creating fundamental changes to their security strategies."
Bill Berutti, president of Security and Compliance at BMC, says that cybersecurity is now a critical initiative across the board. Companies, governments and society as a whole are facing increased cybersecurity threats including phishing, ransomware and known vulnerabilities.
"Businesses need to tear down security and operations walls — or keep getting hacked," he said in a statement Wednesday.
Allison Cramer, director of Product Marketing for the SecOps and BladeLogic solutions at BMC, says many BMC customers are responding by bringing together security professionals, operations professionals and developers into teams focused on particular mission-critical assets.
"Enterprises are redoubling their efforts to secure mission-critical assets," she says. "There's a lot of fear around patching them because those systems can't ever go down. But those critical assets may be one of the biggest targets in your organization."
Cramer says that 72 percent of respondents also indicated they want line of business managers to take a greater role in securing mission-critical assets.
"Those are going to be the people that really know the underbelly of that application," she says.
For the report, Enterprises Re-Engineer Security in the Age of Digital Transformation, Forbes Insights surveyed 308 executives from a range of industries in North America and Europe in the fall of 2016. The respondents were drawn from CIO, CTO, CISO, CSO and vice president/senior vice president of technology or information security roles. All the respondents were from companies with at least $100 million in revenue; 26 percent were from companies with revenue between $1 billion and $5 billion; 24 percent had revenue of $5 billion or more.
The survey found that enterprises in 2016 were placing more emphasis on vulnerability discovery and breach remediation. Sixty-four percent of respondents said they plan to prioritize protecting against and responding to known security threats in the next 12 months, and 43 percent said they will make timely patching and remediation a higher priority in 2017.
The respondents believe that more effectively responding to known risks will allow their teams to focus more attention on unknown risks and unplanned activities. Sixty-eight percent said they plan to increase incident response capabilities in the next 12 months.
CIOs and CSO up their investments in security
On the whole, enterprises are increasing their investment in security: 74 percent of CIOs and CSOs said security was a higher priority in 2016 than in the previous year. Additionally, 82 percent of executives said they plan to invest more in security in the coming year, with the recognition that boards are more willing to increase security investments if proposals come with solid business cases.
"The biggest fear of the CIOs and CISOs I speak to is seeing their companies on the front page of The Wall Street Journal because they've had a massive breach," Sean Pike, program vice president for Security Products at research firm IDC, said in a statement Wednesday.
BMC recommends enterprises take the following actions to close the SecOps gap:
- Create a modern cybersecurity strategy backed by a solid business model, including spending proposals that target security spending in areas of greatest impact.
- Increase efforts to secure mission-critical assets. Devote additional personnel and technology to ensure the enterprise is secure.
- Develop an enterprise-wide culture of security that includes key stakeholders like the line of business owners who can help reduce "weak link" security gaps.