The Changing State of Business IT Auditing

Jun 13, 2016

The IT security firm Netwrix recently released the 2016 edition of their annual IT Risks Report, and it contains some eye-opening statistics. Netwrix surveyed more than 800 small and medium businesses as well as other enterprises to find out how they are auditing and monitoring their IT infrastructures in 2016. They discovered that those practices are suddenly in flux. 2016 appears to be the year that many businesses learn that their technology is only as reliable as their management practices.

IT Audit

More Priority Placed on IT Auditing

Boiled down, auditing is simply finding out who did what and where. But given the sheer complexity of most business IT networks, auditing them is particularly important. In fact, businesses who reported using some kind of IT auditing process increased from 52 percent to 63 percent in 2016.

Preferences appear to be trending among small and medium businesses toward using third-party auditing tools over their own internally developed, often manual, processes. Interest in third-party tools jumped from 29 percent to 39 percent over the past year. An even greater change occurred in the drop in those reporting interest in developing new in-house solutions, falling from 66 to 39 percent. The main reasons cited were the desire for less time-intensive processes, for processes less prone to human error, and, most of all, to improve security.

So, not surprisingly, 71 percent of respondents also reported using their auditing tools to investigate security incidents. Fifty-seven percent monitored internal misuse of their IT systems, and 52 percent used auditing tools to mitigate damage from “cyber risks.” Unfortunately, some businesses had quite a lot to investigate; one in five suffered security incidents on their network stemming just from the unmonitored activities of third parties. Another fifth experienced an incident, but were unsure of the cause due to insufficient monitoring.

Resources Spent on Security and Compliance Remain High

As much as we like to blame technology, people continue to be the weak link in IT security. Survey respondents revealed that a full 47 percent of security incidents resulted from a staff member’s accident, with an additional 13 percent reported they arose from intentional misuse.

Businesses also reported spending a surprising amount of time on compliance reporting. Two-thirds spend at least three hours per week on just IT reporting, with an overwhelming majority feeling that at the same time, their businesses were unprepared to deal with future IT risks. A lack of time was the main reason cited for that unpreparedness, which perhaps is driving the push for efficient, third-party services.

As more and more work processes shift to network- and cloud-based solutions, the connectedness of business IT systems and therefore their potential points of compromise will increase. This will make strong IT management tools ever more important. In fact, this survey’s main takeaway for business owners and IT directors, regardless of their business’s size, should be the need for ever more systematic, automated approaches to IT monitoring and auditing.

Business Technology Is Only as Reliable as Its Management Practices

It will be interesting to see how the trends observed in this survey play out over coming years. Information technology is constantly evolving, so while businesses will always grapple with new technical challenges, so too will new tools and management practices be developed to deal with them.

{company} is the trusted choice for IT management tips, tricks, and news. Contact us at {phone} or send us an email at {email} for more information on IT auditing services and best practices.

About Trevor