Survey: IT Complexity Is Exposing Organizations to Cybersecurity Risk

• By Rhea Kelly
• 01/10/17

Eighty-three percent of security and IT professionals around the world believe that IT complexity is putting their organizations at cybersecurity risk, according to a new survey from Citrix and the Ponemon Institute. Top areas of concern include nation state attackers (80 percent of respondents), breaches involving high-value information (79 percent of respondents), malicious or criminal insiders (76 percent of respondents) and cyber warfare or cyber terrorism (76 percent of respondents).

The survey polled 4,200-plus IT and IT security practitioners across a variety of industries in Australia/New Zealand, Brazil, Canada, China, Germany, France, India, Japan, Korea, Mexico, Netherlands, United Arab Emirates, United Kingdom and the United States. The largest portion of respondents (16 percent) came from the financial services sector; 12 percent of respondents identified the primary focus of their organization as "public sector" or "education and research."

Other findings include:

• 79 percent of respondents are worried about security breaches involving high-value information;
• 75 percent of respondents believe their organization is not fully prepared to deal with the potential security risks resulting from Internet of Things;
• 74 percent said a new IT security framework is needed to improve their organization's security posture and reduce risk;
• 69 percent reported that their organization's existing security solutions are outdated and inadequate;
• About eight in 10 respondents (81 percent) are concerned the inability to hire and retain security staff with adequate knowledge and credentials;
• Employee behaviors topped the list of "human factor risks," with 74 percent of respondents concerned about employee complacency regarding security, 72 percent citing lack of employee awareness of security practices and 71 percent lamenting the inability to control employees' devices and apps;
• Other risk factors include growth of data assets (cited by 78 percent of respondents), integration of third parties into internal networks and applications (76 percent) and lack of collaboration between IT security and lines of business (76 percent); and
• Respondents' top three most important technologies for a new IT security infrastructure were identity and access management (rated by 78 percent of respondents), machine learning (77 percent) and configuration and log management (76 percent).

"In every region of the world, businesses must accept the fact that security practices and policies need to evolve in order to deal with threats from disruptive technologies, cyber crime and compliance," said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. "The research reveals respondents' awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks."

The full report, "The Need for a New IT Security Architecture: Global Study," is available for free download from the Citrix site (registration required).