AT&T Study Says Enterprises are Aware of Increased Risks and are Taking Steps to Mitigate Them

As viewers of the old Monty Python’s Flying Circus British comedy TV show used to hear, “Now for something completely different!” As those who follow my postings know, there have been a slew of studies released in the past few weeks chronicling not just the increased frequency, virulence and sophistication of cyber attacks, but also the breadth and depth of enterprise risk exposure.  Indeed, the word “unprepared” has popped up more than once. It has been enough to give all of us nightmares.

Well AT&T (News - Alert) is out with its annual Business Continuity Study, and there is encouraging news to report. Conducted by Research Now the study is based on 500 online surveys done between April 30 and May 5 of 2013 with IT executives in companies with over $25 million in annual revenue.  Participating executives have primary responsibility for business continuity planning, with fifty-nine percent representing companies with locations outside the U.S. What they found is that IT is more than aware of the challenges to business continuity which includes disaster recovery, as well as increased security threats and they are investing.

Be prepared! Plans incorporate wireless network, cloud and mobile apps safeguards

At a high level, the study found:

• 63 percent cite the looming threat of security breaches as their most important security concern for 2013.
• 84 percent are concerned about the use of mobile networks and devices and its impact on security threats.
• 88 percent understand the increasing importance of security and indicate that their companies have a proactive strategy in place.
• 64 percent include their wireless network capabilities as part of their business continuity plan.
• 87 percent indicate their organizations have a business continuity plan in place in case of a disaster or threat – a slight uptick from last year (86 percent).

In short, note that business continuity and security threats were considered after thoughts in IT budgets and they now are up at the top of the pile and seemingly getting the attention they deserve.

The study had some enlightening news on both the disaster recovery and security fronts that should be welcomed by all vendors in the two spaces. For example, the executives are looking to the cloud when it comes to keeping their organizations up and running with disaster strikes. 

• 76 percent are using cloud or plan to invest in cloud services in 2013.
• 62 percent are already including cloud services as part of their corporate infrastructure. What is significant is that this is up 11 percentage points from last year.  
• 66 percent are using or considering using cloud services to augment their business continuity strategy.
• For disaster recovery purposes, 49 percent are using the cloud for data storage.

On the security front, and obviously as part to a holistic approach to risk management, manmade disasters are also top of mind. That said, it is the major threat threats posed by Distributed Denial of Service (DDoS) attacks that rightfully are getting intense scrutiny. I say rightfully because their impacts are so swift and potentially catastrophic. The study found:

• 78 percent indicated that their business continuity plan accommodates the possibility of a network security event.
• 73 percent are taking proactive or reactive measures to protect against DDoS attacks.
• 52 percent are taking proactive measures by identifying potential attacks with DDoS protection services.
• The majority of organizations surveyed invest in mobile security services. Of those companies, 66 percent take proactive measures against DDoS attacks.

"Companies today are very aware and concerned about the potential threats that could disrupt their operations," said Michael Singer, AVP, Mobile, Cloud and Access Management Security at AT&T. "With their business continuity plans in place, businesses are investing in new technologies like network enabled cloud services to help strengthen and expand their overall continuity strategies."

AT&T is heavily invested in helping businesses manage the risks associated with natural disasters, as well as the rising tide of problems caused by bad actors or human and system error. Its portfolio includes disaster planning, risk management, recovery preparedness and communications readiness. The company also conducts several Network Disaster Recovery (NDR) exercises each year in both regional and international markets designed to test, refine and strengthen AT&T's services by simulating large-scale disasters and network service disruptions.

With the number of vectors of vulnerability increasing, including the cloud to assure business continuity is a chief driver of large enterprises moving to the cloud. Plus, getting better visibility on the most malicious security threats posed by DDoS is clearly a case where an ounce of protection is very valuable. 

On the mobility side of things it is clear in looking at all of the other studies in recent days that BYOD has been a game changer and there is work to be done, and investments to be made. The world is about managing people (identity and authentication), the devices they use, the apps that run on those devices, third-party content accessed, along with network security and the level of encryption and certification management need to make enterprises more secure.  

We live in an age of policy and rule creation and enforcement, and while certain capabilities that IT has invested in have given them more visibility and control, others as a result of BYOD and other industry trends remained to be tamed. In fact, all of this and more will be the subject of TMC’s (News - Alert) Secure Mobility Conference to be held July 23 at NYU’s Kimmel Center, and you are invited to find out more. 

As noted at the top. The good news is the serious business of risk mitigation is being addressed by IT professionals in enterprises around the world and investment in preparedness capabilities is on the rise. However, so are the risks, and whether IT is keeping up with the challenges and what the best practices are for moving ahead are being hotly debated. The conversation is intense and by all means now is the time to join in.