- OTRS survey: About two thirds of businesses use ISMS, but have difficulties integrating all the necessary tools and processes
- Device security requires a lot of resources, with an upward trend due to the increasing number of devices
Cupertino, CA, November 14, 2024 – Whether or not companies are affected by legal requirements such as the upcoming NIS-2 or DORA directives, an information security management system (ISMS) is essential to increase information security in the company. Although 68 percent of the IT and cybersecurity specialists surveyed in the study “OTRS Spotlight: Corporate Security 2024” already have such a system in place, in many cases important tools and processes have not yet been fully integrated into it. Two-thirds (66 percent) lack the full integration of asset management, security awareness training and audit and compliance reporting; patch management is not fully integrated in 70 percent of cases.
For the study, the software company OTRS Group, in collaboration with the market research company Pollfish, surveyed 476 IT and cybersecurity professionals, including 100 in the U.S.
Wanted: Tools for simpler integration of asset management
Security teams most frequently cite the complexity of integration (61 percent) as the biggest obstacle to fully integrating asset management, which is so important for risk management, into their ISMS process and tool landscape. Data inconsistency (42 percent) and delayed data synchronization (40 percent) follow at some distance in second and third place among the biggest obstacles.
There is clearly a great need for tools that make it easier for security teams to seamlessly integrate asset management into their ISMS landscape. A look at those who have already implemented this confirms it: They primarily use dedicated asset management software (41 percent) or special integration tools (37 percent) for this purpose. Only ten percent implement the integration using their own scripts and APIs or transfer and synchronize data manually.
Device management: Not enough staff for too many devices
Another challenge for security teams in ensuring information security in their company and thus also complying with legal requirements is enforcing security guidelines on all devices. Not only does the increasing number of devices lead to scalability problems (33 percent), the variety of devices and operating systems (33 percent) and the management of devices in mobile or hybrid working environments (32 percent) present teams with difficulties. This is often compounded by limited IT staff or resources (39 percent), which would be required to fully accomplish this task.
In addition, 92 percent of the companies surveyed are already using AI-enabled devices – opening new doors for potential data security risks. Security teams are trying to counter this primarily by training employees in the secure handling of data (46 percent). Almost as many (43 percent) use secure servers for data processing to manage the risks and compliance with data protection regulations when using AI-enabled devices. Four in ten implement strict usage policies for this purpose, while a mere 21 percent use mobile device management (MDM) or unified endpoint management (UEM) to disable or restrict AI capabilities.
Employees are concerned about device security
In addition, after concerns about suspicious emails or possible phishing attempts, devices and their use and security are one of the most common reasons for employees contacting the security teams. 38 percent of respondents frequently or very frequently receive questions about the legitimacy of software or app downloads or updates. 36 percent say they frequently or very frequently receive inquiries due to concerns about the security of personal devices used for work.
Devices cause more risks and damage than phishing emails
Reports of lost or stolen devices with sensitive data also keep security teams on their toes: 26 percent receive them frequently or very frequently. In such cases, teams need to act particularly quickly and effectively because, according to respondents, device loss is also one of the highest-risk or most damaging issues for their organization. 37 percent say that lost or stolen devices with sensitive data have caused extreme or significant damage or risk to their organization in the past.
At 38 percent each, vulnerabilities or corrupted files in company systems and devices, as well as vulnerabilities, data breaches or misuse of AI tools or services, have also caused extreme or significant damage or risk more often in the past than phishing emails (36 percent).
“Companies have more and more devices and endpoints to manage due to home office, mobile working and increasing digitalization in all sectors. For security teams, this also means more and more risks and attack surfaces that they have to protect and secure – in many cases remotely,” emphasizes Jens Bothe, Vice President Information Security of OTRS Group. “To ensure that they have the necessary resources – both in the form of personnel and supporting software solutions – all employees, from the managing director to the customer service agent, must be aware of the economic risks that each additional endpoint brings with it.”
###
About the Survey “OTRS Spotlight: Corporate Security 2024”
The data used is based on an online survey conducted by Pollfish Inc. on behalf of OTRS AG, in which 476 IT and cyber security professionals in the U.S., Germany, Brazil, Mexico, Australia and Malaysia participated between August 22 and September 17, 2024.
Additional results from the second part of the survey can be found in the infographic, which is available for download here.
Results from the first part of the survey can be found here.
About OTRS Group
OTRS Group is the manufacturer and the world’s largest provider of the enterprise service management suite OTRS. It offers companies industry-independent software solutions for structured communication in customer service, IT service management and security management. In addition to the core product OTRS, the security solution STORM ensures efficient cybersecurity incident management and transparent documentation in accordance with standards such as ISO 27001.
Among its customers are Lufthansa, Porsche, BSI (Federal Office for Security in Information Technology), Helios Kliniken, Haribo, Bosch, and TUI Cruises. The company consists of OTRS AG and its five subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange.
For more information, see www.otrs.com.
Press contact:
OTRS AG
Laura Bug
Zimmersmühlenweg 11
61440 Oberursel
Telephone: +49 (0) 6172 681988 – 32
Email: pr@otrs.com
Local contact:
OTRS Inc.
Rachel Minihan
Telephone: 919-745-9094
Email: pr@otrs.com