6 percent of companies have no clearly defined responsibilities with regard to security incidents
Cupertino, August 9, 2021 – One of the largest hacker attacks in history has just made headlines. In the attack on IT company Kaseya, perpetrators are demanding a ransom of $70 million. Examples like this show how vulnerable companies are when it comes to their data.
Forty-two percent of companies surveyed in a recent global OTRS Group study say they are acceptably prepared for a security incident, only a bit more than half of them (56 percent) are optimally prepared for an incident, according to the survey[1]. Two percent say they are not adequately prepared.
When asked whether responsibilities and tasks are clearly defined in the event of a security incident, the vast majority (93 percent) agreed while six percent believe this is not the case.
To map their security process, companies work with a mix of frameworks
According to the survey, 23 percent of organizations use the CERT.org framework for their security processes, 21 percent use ISO270035, 10 percent use NIST, four percent use KRITIS, and the majority (at 35 percent) use a mix of multiple frameworks.
Nearly one-third (26 percent) say that their incident management plan has helped optimize IT security and prevent security incidents. Twenty percent also say their existing plan has been helpful in documenting and structuring incidents. Nineteen percent find their incident management plan appropriate for figuring out why security incidents happen.
Seventy-seven percent use a security information and event management (SIEM) system as part of their security processes.
Professionals see significant advantages when using SOAR software / They also appreciate the benefits of vulnerability management
Seventy-one percent also use SOAR (Security Orchestration Automation Response) software. Of these, 24 percent say it makes it much easier to work with IT. Twenty-two percent primarily experience improved response times as a result, and 20 percent speed up problem resolution.
Eighty-six percent of companies have vulnerability management in place and 89 percent also use a corresponding tool for this purpose. Thirty-seven percent of these say the main reason is that they find vulnerabilities faster. Thirty-two percent say the tool better structures and documents vulnerabilities, while 31 percent says it helps them close security gaps faster.
Security gaps due to outdated software
Another result of the survey: 65 percent had security gaps because they had not upgraded to the latest software. Almost half (49 percent) tried to save money this way and regretted it.
In general, 15 percent of the IT security teams surveyed would like to see more attention paid to their topic within the company. Eighty-five percent are satisfied with how everything is currently handled.
“Current examples show that hacker attacks are increasing extremely – certainly also due to the pandemic and mobile working,” says Jens Bothe, Director Global Consulting and security expert at OTRS AG. “The fact that only 56 percent of companies are optimally prepared for a security incident is alarming. The security gaps in the case of outdated software at 65 percent of companies should also give pause for thought.”
STORM SOAR solutions from OTRS Group helps companies respond quickly and reliably in the event of an incident. Read more: storm/https://otrs.com/product-storm/new-features-in-storm/
About OTRS Group
OTRS Group is the manufacturer and the world’s largest provider of the service management suite OTRS, awarded with the SERVIEW CERTIFIED TOOL seal of approval.
It offers companies industry-independent solutions for structured communication in customer service, IT service management and security management. In addition to the core product OTRS, the security solutions STORM and CONTROL ensure efficient cybersecurity incident management and transparent documentation in accordance with standards such as ISO 27001.
Among its customers are Lufthansa, Airbus, IBM, Porsche, BSI (Federal Office for Security in Information Technology), Max Planck Institute, Toyota and Hapag Lloyd. OTRS is available in 40 languages. The company consists of OTRS AG and its six subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS Asia Ltd. (Hong Kong), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange. For more information, see www.otrs.com.
[1] OTRS Group conducted a Pollfish survey of 500 security executives in Germany, USA, Singapore, Brazil and Mexico from June-July 2021.
