Organizations that spent heavily on digital transformation during the pandemic will need two years’ worth of investment to mitigate the resulting security gaps, according to a new report from Veritas.
To compile its latest report, The Vulnerability Lag, the data security vendor polled over 2000 senior IT decision-makers across EMEA, APAC and the US from organizations with at least $100m in revenue.
It found that security (51%) and cloud (56%) are the top two areas in which capability gaps expose these large enterprises to attack.
Respondents claimed they’d need to spend $2.5m on average and hire 27 full-time IT employees to close these gaps within the next 12 months.
The report predicted that it will take firms, on average, two years to eliminate the current vulnerabilities in digital systems, which represent a significant risk to their organization today.
There’s an urgency to them doing so: Veritas claimed the average responding organization had experienced 2.57 ransomware attacks that led to downtime in the past 12 months, while 14% have been hit five times or more.
Organizations with at least one gap in their technology strategy have, on average, experienced five times more ransomware attacks leading to downtime in the past year versus those with no gaps, it added.
Some two-fifths (39%) of respondents claimed that security measures had not kept pace with new digital transformation initiatives prompted by the pandemic. The report claimed that part of the challenge is understanding exactly what technology has been introduced and what needs to be protected.
Douglas Murray, CEO at Valtix, argued that protecting cloud infrastructure and data is particularly challenging, especially in a world where organizations are investing in technology from multiple platform providers.
“The good news is that it inevitably always comes back to the best practices of defense-in-depth and ensuring that the right security controls and policy are deployed against every cloud workload,” he added.
“There are a variety of technologies that can help reduce ransomware risk in the cloud, including network-based intrusion prevention, anti-virus and the segmentation of workloads. By taking a cloud-first approach to these problems, security leaders can set the stage for the future through a cloud-native, multi-cloud security architecture.”