A Cohesity study shows that almost half of companies have been attacked by ransomware in the last six months. A lack of collaboration between IT and security teams makes organizations more vulnerable to cyber threats.
Many companies are more susceptible to cyber attacks such as ransomware attacks because IT and security officers (SecOps) work poorly together. That shows a study by Cohesity, a leading provider of data management solutions. Most IT and security decision-makers are convinced that both teams should share responsibility for their company's holistic data security strategy - from preventing cyber attacks to backing up and restoring data. But they fail in practical implementation. Almost half of those surveyed believe that this makes their company more vulnerable to cyber attacks - with catastrophic consequences for their business.
75 percent see the ransomware threat
Three-quarters of respondents agree that ransomware threats have increased in their industry over the past year. Almost half of the respondents confirmed that their company was attacked by ransomware in the last six months. The study is based on a survey of more than 2022 IT decision makers and SecOps professionals from the US, UK and Australia, commissioned by Cohesity and conducted by Censuswide in April 2.000.
The main results of the study
- IT security should be shared responsibility: 81 percent of respondents agree that IT and SecOps teams should share responsibility for their organization's data security strategy.
- IT and security teams rarely work together effectively: Almost a third of SecOps professionals agree that collaboration with IT is not good, with nearly 10 percent of those respondents calling it “poor”. Among IT decision-makers, 13 percent rate the collaboration as not good. Overall, almost a quarter of all respondents from IT and SecOps are of the opinion that both groups do not cooperate closely enough.
- Although cyber attacks have increased, in many cases the cooperation between IT and SecOps is stagnating or even declining: A total of 40 percent of those surveyed say that the cooperation between the two groups has remained the same despite the increase in cyber attacks. 12 percent state that, despite the serious situation, they cooperate less well with each other. While only 5 percent of IT decision makers believe collaboration has decreased, 18 percent of SecOps respondents agree.
- The ongoing skills shortage is making the situation worse: According to 78 percent of those surveyed, the lack of IT experts is negatively impacting collaboration between IT and security teams.
- Organizations are more at risk because teams interact poorly: Of those IT and SecOps respondents who believe there is insufficient collaboration between the two groups, 42% say their organization is either more (28%) or much more (14%) exposed to cyber threats .
- The consequences can be devastating for companies and careers: In the event of a successful attack, 42 percent of those surveyed fear data loss and just as many fear an interruption to operations. 40 percent are concerned customers are relocating and 35 percent are concerned about blaming their team. 32 percent fear paying ransomware ransoms, and 30 percent fear their IT and SecOps teams will be laid off.
"The study shows that there are major gaps in the way IT and security teams work together in many organizations," said Brian Spanswick, chief information and security officer at Cohesity. “Enterprises must bridge this communication gap if they are to win the battle against cyber threats and ransomware. For too long, many security teams have focused primarily on preventing cyberattacks while IT teams have focused on protecting data including backup and recovery. A comprehensive data security strategy must unite these two worlds. But in too many companies, they remain separate. It is precisely these gaps in cooperation that cybercriminals rely on and are successful with their attacks.”
Importance of data backup and protection
A lack of cooperation and different perspectives are also illustrated by these answers: When asked how important data backup and data protection is as part of security precautions or as a response to a cyber attack, 54% of IT decision-makers confirm that this is the top priority. In contrast, only 38 percent of those surveyed from the SecOps area agree.
"When SecOps teams ignore data backup and recovery issues and lack next-gen data management capabilities as part of an overall security strategy, that's a problem," Spanswick said. “IT and SecOps teams need to work together before the attack takes place while aligning with the NIST framework. This holistic approach defines five core disciplines: Identify, Protect, Detect, Respond and Recover. If the teams only work closely together after the data has already been tapped, it is too late, with devastating consequences for companies.”
IT and SecOps managers see themselves prepared
The study confirms this: 83 percent of the IT and SecOps managers surveyed agree that their company would be better prepared for cyber threats, including ransomware attacks, if security and IT worked more closely together. Better communication and collaboration between IT and security is key for organizations to have more confidence in quickly recovering business systems in the event of a ransomware attack, according to 44 percent.
More at Cohesity.com
About Cohesity Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.