In 2020, the global pandemic transformed the way we work, rapidly matured a distributed global workforce, and accelerated digital transformation efforts. Public cloud services consumption increased sharply. Organisations pivoted seemingly overnight to implement technologies to ensure the lights stayed on and employees were empowered to be successful working from home. Against this backdrop, nearly every industry was confronted with the rise of high-level cybersecurity breaches, highlighting the potential risk of incomplete security policies and procedures. A year of unprecedented upheaval has ultimately served as a critical catalyst for a broader exploration of organisations’ exposure to enterprise IT risk of all kinds—including risk introduced by the implications of remote, distributed work—and the degree to which organisations are prepared to manage, mitigate, and prevent risk in the future.
To better understand the evolving landscape, the SolarWinds® IT Trends Report 2021, titled ‘Building a Secure Future’ examines how technology professionals from Australia perceive their organisations’ risk management and mitigation readiness after a year of rapid transformation fuelled by the global pandemic. Here are the key findings.
Security threats associated with external breaches and the internal impact of COVID-19 IT policies emerged as the leading macro trends influencing enterprise IT risk today.
36% of overall tech pro respondents state their organisation have had medium exposure to enterprise IT risk over the past 12 months. The level of perceived risk exposure differs by size of organisation. A sense of high-risk or extremely high-risk exposure is perceived more acutely by tech pros at enterprise organisations (24%) as compared to their small business (8%) and mid-size (9%) counterparts.
Security breaches are perceived to be the biggest external factors influencing an organisation’s risk, with 67% of respondents citing external security threats – like cyberattacks – as the top macro trend influencing their organisations’ risk exposure. However, COVID-19 had an equally critical impact on organisations’ risk exposure, with tech pros flagging these top associated risk-inducing factors:
Surveyed tech pros are confident in their risk management and mitigation preparedness strategies although enterprise IT risk exists within their organisations.
85% of tech pros surveyed “agree” or “strongly agree” their IT organisations are prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place. This finding is echoed by organisations’ careful approach to technology adoption and implementations in response to shifting demands of COVID-19 distributed work environments: despite the accelerated timeline, nearly two-thirds (63%) of respondents said standard or heightened risk management protocols were followed.
While tech pros prioritise investments in security and compliance, network infrastructure, and cloud computing as core technologies to help manage risk, implementation is hampered by dwindling resources and access to personnel training.
83% of tech pros surveyed “agreed” or “strongly agreed” technology is the best way for organisations to manage, mitigate, and resolve issues related to risk. IT teams prioritised investment in security and compliance (49%), followed by network infrastructure (41%) and cloud computing (41%) to accommodate the unprecedented demands of COVID-19 and the shift to remote work.
However, despite understanding technology can play a critical role in enterprise IT risk management, barriers to its adoption and implementation exist. The top three challenges to utilising technology to mitigate and/or manage risk reported by surveyed tech pros are:
Tech pros are capitalising on an opportunity to foster greater alignment and collaboration with senior leaders who will best position their organisations to manage and mitigate risks in the future.
68% of respondents are confident or extremely confident their IT organisations will continue to invest in risk management/mitigation technologies over the next three years. Furthermore, 67% perceive their organisation’s senior leaders or decision-makers to have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be impacted by a risk factor. But while 39% of those respondents believe their organisation is prepared to mitigate and manage potential risk, 28% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk.
After a year of IT on the frontlines of COVID-19-driven digital transformations, tech pros and organisations are on the cusp of exiting “crisis mode.” But this moment in time represents a critical inflection point for organisations, as hubris can sink into widespread security apathy and complacency. As a tech pro, it can be easy to think about security as an add-on or expect ownership to sit with a discrete security team. Unfortunately, those perceptions no longer reflect the world we live in. Security 101 demands security be every tech pro’s responsibility: most of the risk is produced by us humans and our behaviour, and we need to think of ourselves as part of the extended security team. Ultimately, tech pros should always be assessing their risk management, mitigation, and protocols to avoid falling into complacency and being “blind” to risk.