Thursday, 29 July 2021 23:28

SolarWinds IT trends report 2021 says risks are high but so is apathy Featured

By

SolarWinds today released its eighth annual IT trends report. Its findings paint a picture where organisations everywhere have exposure to enterprise IT risk, but where risk preparedness is being met with apathy and complacency as businesses exit their COVID-19 crisis mode. The opportunity is there for IT leaders and tech pros to steer their company's future.

The report focused on building a secure future, coming eight months after SolarWinds itself was victim to a sophisticated Sunburst cyber attack, and examined how technology professionals perceive the evolving state of risk in today’s business environment following the internal impact of COVID-19 IT policies and exposure to external breaches. SolarWinds says the report is part of its commitment to leading industry collaboration and transparency in preventing future cyberattacks and aiding technology professionals navigate the new threat landscape of the modern-day.

Over the last year, as a direct consequence of COVID-19 social distancing and lockdown rules enacted by Governments, technology professionals were tasked with enabling a distributed global workforce and managing the adoption of public cloud services so their employers could keep their businesses running.

The rollout was vast and rapid, and the risk of incomplete security policies and procedures became apparent with nearly every industry confronted by accelerated high-level cybersecurity breaches.

Against this backdrop, SolarWinds sought to explore organisational exposure to enterprise IT risk of all kinds, including risks introduced by remote working, and the degree to which organisations and prepared and capable of managing and mitigating risks.

The findings of the SolarWinds IT trends report 2021 show that exposure to enterprise IT risk is common across organisations, but apathy and complacency surrounding risk preparedness is high.

web
counter

The report finds technology professionals have outlined key areas of investment and upskilling around cloud computing, network infrastructure, and security and compliance - meaning there is an inherent awareness of what ought to be done, but yet is not being realised. SolarWinds says this awareness falling behind is perhaps the greatest risk of all.

The study thus reveals the immense opportunity available to IT leaders and technology professionals to align and collaborate on how to best position their organisation - and industry as a whole - to succeed in the future through risk preparedness.

Thomas LaRock, head geek, SolarWinds, said, "although the shift to remote work was cited as a leading factor in heightened risk exposure for businesses over the past year, many tech pros have reached the point where they’re confident in work from home (WFH)/remote work policies. But this moment in time represents a critical inflection point for organisations, as hubris can sink into widespread security apathy and complacency.”

"It’s important for tech pros to avoid considering security as an add-on or expecting ownership to sit solely with a separate security team—security is every tech pro’s responsibility. Most of the risk is produced by us humans and our behaviour, so we need to think of ourselves as part of the extended security team.”

"It’s important for IT teams to examine current processes from the outside in and deploy solutions to provide complete visibility into all systems so they can identify areas of risk and opportunity. Even relatively simple changes like faster upgrades and patches, using password managers, and multi-factor authentication (MFA) solutions can strengthen an organisation’s overall security posture,” LaRock said.

Australian trends

While the key insights and findings (listed below) were consistent globally, LaRock notices some interesting results relating to Australia specifically.

"The level of the perceived risk exposure was lower for Australia compared to the global averages. In Australia, 24% of respondents from enterprise organisations, 8% of respondents from small businesses, and 9% of respondents from mid-size organisations perceived high risk or extremely high risk of exposure, compared to 39%, 23%, and 29%, respectively, at a global level,” LaRock said.

"This could be correlated to the fact 85% of Australian respondents generally feel prepared to manage, mitigate, and resolve risk factor-related issues due to policies and procedures already in place, compared to 72% globally. This preparation likely contributes to a perception of lower risk exposure.”

"Finally, 68% of Australian respondents are confident or extremely confident their IT organisations will continue to invest in risk management/mitigation technologies over the next three years. By comparison, the global average for this is 49%, showing a higher confidence level when it comes to the prioritisation of security in their organisations in Australia,” LaRock said.

How to get a security budget

A key finding below is 47% of respondents felt budget-restricted their ability to protect against threats. If you’re in this situation, Thomas LaRock has practical advice for you: “It’s the IT team’s job to know exactly where risk management investments should go beyond generic recommendations. Tech pros must present proof points and justifications to gather senior buy-in so policies and technologies can be implemented effectively and at scale. Add facts and figures wherever possible to reinforce the recommendation. Pinpoint the impact on customer trust should the game of risk not go in the organisation’s favour."

"Likewise, bring consequences to life for decision-makers who aren’t in the IT trenches: how long would business be down if there was an issue? How does the financial impact of an incident compare to the cost of investing in a better risk strategy? Strategic conversations between IT teams and senior business leaders are imperative, and making a strong case for these investments is equally critical after a year of cuts and restrictions for many companies. Everyone’s fighting for a slice of the budget. Putting supporting data and documentation in your IT leaders’ hands for these conversations may make all the difference toward budget approval.”

Key findings

Key findings from the report include:

  1. 36% of overall tech pro respondents state their organisation have had medium exposure to enterprise IT risk over the past 12 months.
  2. The level of perceived risk exposure differs by size of the organisation. A sense of high-risk or extremely high-risk exposure is perceived more acutely by tech pros at enterprise organisations (24%) as compared to their small business (8%) and mid-size (9%) counterparts.
  3. Security breaches are perceived to be the biggest external factors influencing an organisation's risk, with 67% of respondents citing external security threats - like cyberattacks - as the top macro trend influencing their organisations’ risk exposure.
  4. However, COVID-19 had an equally critical impact on organisations’ risk exposure, with tech pros flagging these top associated risk-inducing factors - remote work policies (67%); accelerated digital transformation initiatives (40%); exponential growth of data as a result of new WFH needs (33%)
  5. Likewise, 46% of tech pros surveyed said the accelerated shift to remote working was the number-one aspect of current IT environments considered to increase an organisation's risk exposure.
  6. 62% of respondents say security and compliance ranked in the top three technologies most critical to managing/mitigating risk within their organisations, followed by network infrastructure (43%) and cloud computing (30%).
  7. 85% of tech pros surveyed “agree” or “strongly agree” their IT organisations are prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place.
  8. 83% of tech pros surveyed “agreed” or “strongly agreed” technology is the best way for organisations to manage, mitigate, and resolve issues related to risk.
  9. IT teams prioritised investment in security and compliance (49%), followed by network infrastructure (41%) and cloud computing (41%) to accommodate the unprecedented demands of COVID-19 and the shift to remote work.
  10. However, despite understanding technology can play a critical role in enterprise IT risk management, barriers to its adoption and implementation exist. The top three challenges to utilising technology to mitigate and/or manage risk reported by surveyed tech pros are lack of budget/resources (47%); lack of training for personnel (47%); unclear or shifting priorities (38%)
  11. 8% of respondents are confident or extremely confident their IT organisations will continue to invest in risk management/mitigation technologies over the next three years.
  12. 67% perceive their organisation’s senior leaders or decision-makers to have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be impacted by a risk factor. But while 39% of those respondents believe their organisation is prepared to mitigate and manage potential risk, 28% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk.

You can explore and interact with the 2021 findings through the SolarWinds IT Trends Index site. This year the site also allows visitors to see how they compare to the results.

“Technology professionals today are under even greater pressure to ensure optimised, secure performance for remote workforces while facing limited time and resources for personnel training. When it comes to risk management and mitigation, prioritising intentional investments in technology solutions that meet business needs is critical,” said Sudhakar Ramakrishna, president and CEO, SolarWinds. “More than ever before, tech pros must partner closely with business leaders to ensure they have the resources and headcount necessary to proactively address security risks. And more importantly, tech pros should constantly assess their risk management, mitigation, and protocols to avoid falling into complacency and being 'blind’ to risk.”

 

Pictured: Thomas LaRock, head geek, SolarWinds 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments