According to the following multi-country survey, IT and cybersecurity professionals have uncovered numerous challenges in achieving better information and security management

Based on a commissioned survey of 476 IT and cyber security professionals in the USA, Germany, Brazil, Mexico, Australia and Malaysia between 22 August and 17 September 2024 on the topic of information and device security after the CrowdStrike Outage, some trends have been announced by a manufacturer of an enterprise service management suite that addresses IT service and security management (among other functions).

First, 68% of respondents citing already having an information security management system (ISMS) in place, although “in many cases” important tools and processes had not yet been fully integrated into it. Some 66% cited lacking the full integration of asset management, security awareness training and audit and compliance reporting; and 70% cited that patch management was not yet fully integrated into the ISMS. 

Second, 61% of respondents who were in security teams cited the complexity of integration as the biggest obstacle to fully integrating asset management into their ISMS process and tool landscape. Other obstacles included data inconsistency (42%) and delayed data synchronization (40%).

Other findings

Third, 41% of respondents cited primarily using dedicated asset management software for ISMS integration; 37% cited using special integration tools for this purpose. Some 10% had cited implementing the integration using their own scripts and APIs or transferring and synchronizing data manually. Also:

  • Compliance challenges for ensuring information security cited by respondents included:
    ⟩ increasing numbers of devices in the system, leading to scalability problems (33%)
    ⟩ the variety of devices and operating systems (33%)
    ⟩ the management of devices in mobile or hybrid working environments (32%)
    ⟩ limited IT staff or resources (39%)
  • 87% of respondents indicated their organizations are already using AI-enabled devices, linked to potential data security risks. This was countered by 46% of respondents in security primarily by training employees in the secure handling of data, or using secure servers for data processing to manage the risks and compliance with data protection regulations when using AI-enabled devices (43%). Some 40% cited implementing strict usage policies for this purpose, while 21% cited the use of mobile device management or unified endpoint management to disable or restrict AI capabilities.
  • Common staff queries to respondents included:
    ⟩ concerns about suspicious emails or possible phishing attempts
    ⟩ devices and their use and security
    ⟩ questions about the legitimacy of software or app downloads or updates
    ⟩ concerns about the security of personal devices used for work
  • In terms of device security, 26% of respondents received reports of lost or stolen devices with sensitive data “frequently” or “very frequently”. According to respondents, device loss one of the most high-risk or damaging issues for their organization: 37% indicated that lost or stolen devices with sensitive data had caused “extreme” or “significant” damage or risk to their organization in the past. Finally, vulnerabilities or corrupted files in company systems and devices (38%), as well as vulnerabilities, data breaches or misuse of AI tools or services (38) have also been cited by respondents to have caused “extreme” or “significant” damage or risk more often in the past than phishing emails (36%).

According to Jens Bothe, Vice President, Information Security, OTRS Group — the firm releasing its commissioned survey results: “Companies have more and more devices and endpoints to manage due to home office, mobile working and increasing digitalization in all sectors. For security teams, this also means more and more risks and attack surfaces that they have to protect and secure: in many cases remotely. To ensure that they have the necessary resources — both in the form of personnel and supporting software solutions — (all employees) must be aware of the economic risks that each additional endpoint brings with it.”