- OTRS survey: Businesses have increased investments in IT and cybersecurity following CrowdStrike incident
- Need for action remains high: only 49 percent are optimally prepared for security incidents
- IT security teams are increasingly automating their incident response processes
Cupertino, CA, October 10, 2024 – The CrowdStrike incident, which caused countless screens around the world to turn permanently blue in July and brought the global economy to a halt, apparently served as a wake-up call for many businesses. And not just for those whose systems were directly affected. 93 percent of all IT and cybersecurity specialists surveyed in the study “OTRS Spotlight: Corporate Security 2024” reacted to the incident and took measures to better prepare for future incidents of this kind.
The most popular method: just under half of those surveyed (45 percent) have diversified their IT and software landscape to become less dependent on individual software providers. For the study, the software company OTRS Group, in collaboration with the market research company Pollfish, surveyed 476 IT and cybersecurity professionals, including 100 in the U.S.
Better Late Than Never: Security Teams Gear Up After CrowdStrike Incident
It appears many of the companies directly affected were inadequately prepared to mitigate the impact of the incident using their own resources. Most took the actions described by CrowdStrike to address the issue (44 percent) and/or installed the provided fix (43 percent) as soon as it was available.
Only 38 percent had access to advanced real-time monitoring and alerting systems to enable rapid intervention in such an event. 40 percent of all companies – whether affected or not – only introduced such systems after the incident.
Almost as many (39 percent each) subsequently introduced additional testing for new patches and updates or an incident response plan or updated the existing one. Only three in ten of the affected companies already had a robust incident response plan in place, which enabled them to quickly identify, isolate and resolve the problem.
About just as many (31 percent) were already using Unified Endpoint Management (UEM), which enabled them to quickly identify the affected systems and initiate suitable measures remotely. Just under a quarter of all companies (24 percent) introduced UEM after the incident.
Difficult Conditions for IT Security Teams
Despite the measures taken, there is still a need for action. With an increase of 11 percent, only slightly more respondents currently believe their company is optimally prepared for security incidents than in the previous year (2023: 44 percent; 2024: 49 percent). The biggest challenge for security teams is the increasing number of security incidents every year. More than eight out of ten have recorded a slight (56 percent) or even sharp increase (26 percent) in the past twelve months.
Most teams also see this rapidly changing threat landscape as the biggest challenge in incident response (34 percent). In second place is the implementation of comprehensive post-incident reviews (15 percent). Tied at twelve percent each are the lack of integration between tools, timely and appropriate communication with the public, and the lack of qualified personnel.
IT Security Teams are Increasingly Relying on Automation
More frequently than in the previous year, security teams are meeting these challenges by automating their incident response processes to a greater extent, among other things. Last year, just under half of those surveyed (49 percent) automated routine tasks while retaining human control over critical decisions. This year, the proportion has risen to 57 percent.
A further 21 percent (2023: 19 percent) use basic automation for alerts and otherwise rely heavily on human decisions. 16 percent automate as much as possible and limit human intervention in incident response to a minimum. Only six percent do not automate their processes at all and rely entirely on human intervention.
Realistic, Clear and Easy-to-Implement Guidelines for IT Security
“It’s a cat-and-mouse game: attackers are taking advantage of new technologies such as artificial intelligence and machine learning to attack more frequently, more quickly and with greater sophistication. On the other hand, security teams are chasing after them and trying to streamline and speed up their processes through automation,” explains Jens Bothe, Vice President lnformation Security of OTRS Group. “But it is an unequal battle. This is because organizations are bound by many, often opaque, rules that malicious actors do not adhere to. The obligations that arise for companies from regulations such as NIS-2 or DORA are necessary and appropriate but have too much lag time before compliance is required. Legislators need to act faster here and involve IT security experts comprehensively and at an early stage in order to develop realistic, clear guidelines that companies can implement quickly and easily.”
###
About the Survey “OTRS Spotlight: Corporate Security 2024”
The data used is based on an online survey conducted by Pollfish Inc. on behalf of OTRS AG, in which 476 IT und cyber security professionals in the U.S., Germany, Brazil, Mexico, Australia and Malaysia participated between August 22 and September 17, 2024.
Additional results from the first part of the survey can be found in the infographic, which is available for download here.
About OTRS Group
OTRS Group is the manufacturer and the world’s largest provider of the enterprise service management suite OTRS. It offers companies industry-independent software solutions for structured communication in customer service, IT service management and security management. In addition to the core product OTRS, the security solution STORM ensures efficient cybersecurity incident management and transparent documentation in accordance with standards such as ISO 27001.
Among its customers are Lufthansa, Porsche, BSI (Federal Office for Security in Information Technology), Helios Kliniken, Haribo, Bosch, and TUI Cruises. The company consists of OTRS AG and its five subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange.
For more information, see www.otrs.com.