Cybercrime has reached a new peak with the onslaught of ransomware attacks and data breaches in the last several months. As organizations continue to support distributed and remote work, it’s vital IT leaders and tech pros are appropriately addressing risk and ensuring security policies and procedures are up to par.
SolarWinds recently revealed findings of its SolarWinds IT Trends Report 2021: Building a Secure Future, which took a deep dive into the degree to which organizations are prepared to manage, mitigate and prevent risk in the future.
The report details how organizations experienced medium exposure to enterprise IT risk over the past year. Although the survey respondents felt their existing risk mitigation and management policies/procedures were sufficient, it’s critical for organizations and tech pros to adopt a mentality where “medium” risk exposure is unacceptable.
The survey found 46% of tech pro respondents admitted to having medium exposure to enterprise IT risk over the past 12 months. Given the scale of sophisticated cyberattacks the industry has seen over the past year, it’s concerning so many admit to having a “medium” exposure to risk.
Interestingly, the level of perceived risk differs by size of the organization. Enterprise organizations were more likely to perceive high or extremely high risk exposure (19%) compared to their small business (11%) and mid-size (7%) counterparts. However, the reality is that whether you’re part of a larger enterprise or a small start-up, you’re just as likely to be breached. No one is safe.
The New Era of Risk Post Pandemic
COVID-19 has had a critical impact on organizations’ risk exposure. Risk was a concern before but now it has grown. In the IT Trends Report, tech pros flagged remote work policies, exponential growth of data as a result of new WFH needs, and distributed workforce and employee relocation as the top associated risk-inducing factors.
Combining these risks, which aren’t going away, with the “medium” exposure organizations are facing puts organizations on a concerning trajectory, making it even more likely, regardless of size, that they may fall victim to a breach.
To overcome this, tech pros need to do a better job of collaborating with senior leaders and talking transparently about the state of risk in their organization.
Only when these frank conversations take place can they start to work together on crafting a policy that is designed to better manage and mitigate against risk in the future.
Securing the Enterprise in 2022
We expect to see two trends emerge next year in response to the evolving threat landscape. First, as the rate of attacks continues to accelerate in lockstep with hackers’ attack methodologies and schemes developing at scale, more tech professionals and organizations will look to cloud service providers, managed service providers (MSPs) and managed security service providers (MSSPs), and other third-party security tools (like those offered by Microsoft 365® subscriptions) to supplement their own IT policies and keep pace with the new, more effective security measures.
Second, tech pros and the IT community at large will better secure the enterprise by normalizing a sense of risk aversion—that is, moving from simply accepting the current exposure to a mindset where any level of risk exposure is unacceptable.
This means beginning to evaluate and implement the principles of a secure enterprise, starting with understanding that security compromises will happen as cyber hackers deploy more sophisticated attacks. Tech pros should also implement detection, monitoring, alerts and response along the kill chain and engage in red team/tabletop exercises to measure effectiveness.
Creating a Culture of Risk Aversion
As a tech pro, it’s easy to think of security as an afterthought or to expect ownership to fall solely on the shoulders of a dedicated security team. But in today’s climate, this isn’t sustainable.
Instead, it’s about creating the right environment to manage risk. One of the best ways to do this is to create an environment of shared responsibility and assume compromise across all teams. This helps avoid a “blame” culture.
Once this becomes the norm, it becomes easier for IT teams to collaborate with others and ensure policies and risk procedures are continually updated or enhanced in lockstep with the evolving threat landscape.
To ensure policy effectiveness and be confident all bases are covered, IT teams must examine current processes from the outside in and apply rigor when evaluating solutions.
IT teams should start by listing out a defined set of requirements and factoring in various tech costs and development time. This should include sufficient evaluation frameworks that will help separate fact from fiction when it comes to a solution’s ability to deliver on the capabilities as promised.
With the rise of cyberattacks and ransomware, organizations must maintain resilience in prevention and protection practices. A huge part of this is to change your perspective and have everyone, not just the IT team, think about security first.