
CrowdStrike incident worried 93% of companies

 

The CrowdStrike incident, which paralyzed the global economy, causing countless screens around the world to turn permanently blue last July, apparently served as a wake-up call for many companies. And not just for those whose systems were directly affected. Of all the IT and cybersecurity experts surveyed in the study “OTRS Spotlight: Corporate Security 2024”, 93% responded to the incident and took steps to better prepare for future incidents of this type.

The most popular method: Just under half of respondents (45%) have diversified their IT landscape and systems to become less dependent on individual software providers. For the study, software company OTRS Group, in collaboration with market research firm Pollfish, interviewed 476 IT and cybersecurity professionals, including 100 in Brazil.

Better late than never: Security teams prepare after CrowdStrike incident

It appears that many of the companies directly affected were inadequately prepared to mitigate the impact of the incident using their own resources. The majority took the actions described by CrowdStrike to resolve the issue (44%) and/or installed the provided fix (43%) as soon as it was available.

Only 38% had access to advanced real-time monitoring and alert systems to enable rapid intervention in such an event. Of all companies — affected or not — 40% only introduced these systems after the incident.

Nearly as many (39% each) subsequently introduced additional testing for new patches and updates, or introduced an incident response plan or updated their existing one. Only three in ten affected companies already had a robust incident response plan in place, allowing them to identify, isolate and resolve the issue quickly.

Only 31% were already using Unified Endpoint Management (UEM), which allowed them to quickly identify affected systems and initiate appropriate measures remotely. Just under a quarter of all companies (24%) introduced UEM after the incident.

Difficult conditions for IT security teams

Despite the measures taken, there is still a need for action. With an increase of 11%, only slightly more respondents currently believe their company is optimally prepared for security incidents than in the previous year (2023: 44%; 2024: 49%). The biggest challenge for security teams is the increasing number of security incidents each year. More than eight in ten recorded a slight increase (56%) or even a sharp increase (26%) in the last twelve months.

Most teams also see this rapidly changing threat landscape as the biggest incident response challenge (34%). In second place is the implementation of comprehensive post-incident reviews (15%). Tied at twelve percent each are the lack of integration between tools, timely and appropriate communication with the public, and the lack of qualified personnel.

IT security teams are increasingly relying on automation

More frequently than in the previous year, security teams are addressing these challenges by, among other things, automating more of their incident response processes. Last year, just under half of respondents (49%) automated routine tasks while maintaining human control over critical decisions. This year, the proportion increased to 57%.

Another 21% (2023: 19%) use basic automation for alerts and otherwise rely heavily on human decisions. A smaller group (16%) automates as much as possible, limiting human intervention in incident response to a minimum. Only 6% do not automate their processes and depend entirely on human intervention.

Realistic, clear, and easy-to-implement guidelines for IT security

“It’s a game of cat and mouse: attackers are leveraging new technologies, such as artificial intelligence and machine learning, to attack more frequently, faster and with greater sophistication. On the other hand, security teams are chasing them and trying to streamline and accelerate their processes through automation”, explains Jens Bothe, vice president of information security at OTRS Group. “But it’s an unequal battle. This is because organizations are bound by many, often opaque, rules that bad actors do not adhere to. The obligations that arise for companies from regulations such as NIS-2 or DORA are necessary and appropriate, but have a long lag time before compliance is required. Policymakers need to act faster and engage the services of IT security experts comprehensively and at an early stage to develop clear, realistic guidelines that companies can implement quickly and easily.”

 


See the original post at: CisoAdvisor
