In a Year Where Security is Paramount, Many Drop the Ball
Wednesday, October 28, 2020

LOS ANGELES, Oct. 20, 2020 /PRNewswire-PRWeb/ -- Computer Economics, a service of Avasant Research, has released its major annual study on 34 IT management best practices, and one important category, IT security and risk management, is showing mixed results. This is a bad sign in 2020, considering the changing threat landscape and the ramifications of the pandemic. Many companies virtualized their IT organizations and shifted to work from home (WFH) environments early in 2020. When this happened, they dramatically extended the boundaries of their enterprise into insecure territory.

"Cyberattacks have surged at least 85% since March," said Tom Dunlap, director of research for Computer Economics, a service of Avasant Research, based in Los Angeles. "Data theft and ransomware are on the rise, aimed increasingly at the work-from-home crowd. Because of this new reality, it is shocking what our best practices survey revealed this year: Many security best practices are not applied consistently."

Figure 3 from our full study, IT Management Best Practices 2020-2021, shows that five IT security and risk management practices range in maturity from 41% to 46%. What do we mean by practice maturity? It means the percentage of respondents that apply a practice formally and consistently. Take encryption, for example, which has a 46% maturity rating. Forty-six percent of companies encrypt data consistently and with a formal plan. This means a whopping 54% of survey respondents do NOT encrypt data formally and consistently, which is alarming. This might mean they don't encrypt all of their data or perhaps they encrypt data at rest but not while it is moving. Or, there is no formal plan in place to be sure all critical data is encrypted. This is a security breach waiting to happen.

Or take security incident management--number two on our most mature list--with 44% saying they apply this best practice formally and consistently. But that means 56% of companies do not consistently and formally record, track, and resolve security incidents. The fact that 44% of organizations have a security incident management practice is expected, given corporate standards and WFH realities. But it is disappointing that 56% do not manage security incidents formally and consistently. Even more disappointing is that the maturity percentage (44%) is down from last year (51%). Perhaps this is one reason that we continue to see little progress against high-profile cyberattacks.

Third on the list is two-factor authentication (2FA), at 43%. Two-factor authentication is a security measure that provides an extra layer of protection to an account log-in. It was at 34% last year, so at least it's moving in the right direction. Still, the fact that 57% don't use 2FA formally and consistently is worrisome.

Penetration testing is fourth at 42%. A penetration test, often called a pen test, is a best practice that identifies security weaknesses. It was at 44% last year, so it's down a bit in 2020. Not to beat a dead horse, but the fact that 58% do not consistently and formally conduct pen tests is disappointing.

Rounding out the most-mature list is IT security compliance audits, at 41%. Periodically auditing users and IT staff to ensure that security and privacy policies are followed is one of the most important security measures an organization can take. What good is having security policies in place if no one is following them? It is disappointing that this maturity number is only 41%. It was practically the same last year, 42%.

Some of the 34 best practices are well-established disciplines and are widely accepted. Others are gaining traction among leading-edge organizations. Still other practices are being widely promoted by tools vendors and consultants but are only rarely adopted, and it remains uncertain whether they will endure. Our goal in this study is to provide IT executives with real-world data on how widely each practice is implemented, a basis for comparing their organizations with their peers, and a means of identifying emerging best practices.

This study is now in its 13th year. Each year, we ask IT organizations in our annual survey to what extent they have adopted a selected list of IT management best practices. Survey participants have five response choices:

    --  No Activity: We are not practicing this discipline in any way.
    --  Implementing: We are in the process of implementing this best practice.
    --  Practicing Informally: We do not have formal policies or procedures for
        this discipline, but we do practice it in an informal or ad-hoc manner.
    --  Practicing Formally but Inconsistently: We have formal policies and
        procedures for this discipline, but we do not follow them consistently
        or to the extent that we should.
    --  Practicing Formally and Consistently: We have formal policies and
        procedures for this discipline, and we follow them consistently. This is
        the maturity level.

The best practices in the study are as follows:

    --  IT governance practices: IT strategic planning, IT steering committee,
        IT project portfolio management, project management office, IT change
        control board, organizational change management, and enterprise
        architecture.
    --  IT financial management practices: IT personnel time tracking,
        service-based cost accounting, chargeback of IT costs, showback of IT
        costs, IT service catalog, and benchmarking IT spending levels.
    --  IT operational management practices: Monitoring software licenses, IT
        Infrastructure Library (ITIL), IT asset management system, bring your
        own device, user-satisfaction surveying, and IT performance metrics.
    --  IT security and risk management practices: IT security training, data
        classification and retention, two-factor authentication, IT security
        compliance audits, penetration testing, security incident management,
        encryption, disaster recovery planning, disaster recovery testing, and
        business continuity planning.
    --  Application development practices: system development life cycle, agile
        development, software change management process, DevOps, website
        accessibility, and post-implementation audits.

The full study is designed to increase IT leaders' awareness of the best practices in IT management, provide benchmarks against which an IT organization can compare its own adoption and practice level, and justify investments to improve an organization's IT management practices.

This Research Byte is a brief overview of our report on this subject, IT Management Best Practices 2020-2021. The full report is available at no charge for Avasant Research subscribers, or it may be purchased by non-subscribers directly from our website.

About Avasant:

Avasant is a leading management consulting firm focused on translating the power of technology into realizable business strategies for the world's largest corporations. Specializing in digital and IT transformation, sourcing advisory, global strategy, and governance services, Avasant prides itself on delivering high-value engagements through industry-focused innovation and flexible client-based solutions.

Our seasoned professionals have an average of 20 years of industry-honed expertise, having conducted 1000+ engagements in over 50 countries. Avasant's next-generation consulting and advisory methods have made it the top-ranked firm in its class, with recognition from numerous organizations, including Vault, NOA, IAOP, and Wall Street Journal.

Avasant's engagement in the global market has inspired a strong commitment to community and purpose. Avasant Foundation supports technology and skill development programs to create employment opportunities for youth across Africa, Asia, the Caribbean and Latin America.

For more information, visit https://www.avasant.com.

Follow news, photos and video on Twitter at http://www.twitter.com/avasant, Facebook at https://www.facebook.com/avasantllc, and LinkedIn at https://www.linkedin.com/company/avasant/.

SOURCE Avasant


