New Report Examines the Current State of ITOps and SecOps

According to the 2022 State of ITOps and SecOps survey (https://www.informationweek.com/security-and-risk-strategy/the-state-of-itops-and-secops-an-inside-look) from InformationWeek, the majority of IT and security teams have effectively handled the operational challenges of dealing with primarily remote workforces. However, the majority of respondents also said their teams are understaffed.

This year's survey looked specifically at how IT and security teams adjusted to organizational changes resulting from the global pandemic, and 77 percent of respondents rated their response to working from home as effective or highly effective.

Other findings include:

• Eighty-four percent of survey respondents said that cybersecurity is important or absolutely critical to their organization and top management.
• Seventy-two percent of respondents said their organizations don't have enough general IT staff members, and 64 percent said they don't have enough cybersecurity staff.

Additionally, the survey found that general IT is assuming some responsibilities and functions that were previously handled by the security team. For example, the report says, "IT operations is more likely to be in charge of ensuring security controls for network, cloud, and application service providers than they were in the past."

"These days security is the responsibility of everyone in IT, not just the cybersecurity team," the report said.

Top Universities Lack Proper Email Security Measures

Recent research from Proofpoint (https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-97-top-universities-us-uk-and-australia-putting-students-staff) found that top universities in the United States, United Kingdom, and Australia "are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud."

Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis (https://dmarc.org/) performed by Proofpoint showed that "none of the top U.S. and U.K. universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud."

According to the analysis, U.S. universities have the poorest levels of protection, followed by the United Kingdom, and then Australia.

"Email remains the most common vector for security compromises across all industries. In recent years, the frequency, sophistication, and cost of cyber attacks against universities has increased. It's the combination of these factors that make it especially concerning that the premier universities in the U.S. are currently the most vulnerable to attack," Proofpoint says.