Enterprise Security Woes: Staffing Problems, Lack of Planning

IBM's fourth annual cybersecurity survey shows that organizations aren't spending on the people or processes they need, despite rising financial stakes. Also this week: Microsoft brings improved collaboration to the nonprofit sector; the Algorithmic Accountability Act takes aim at AI bias; and blockchain makes your lettuce safe.

4 Min Read

More than three-quarters of enterprises do not have a cybersecurity incident response plan applied consistently, a breach in security practices that could cost at least $1 million, IBM said this past week. The tech company released the results of a survey done on its behalf the Ponemon Institute (an organization that conducts research on data protection and emerging information technologies), which include the following:

  •  77% of the 3,600 respondents do not have a cybersecurity incident response plan applied consistently across the enterprise

  • Of the remaining 23% of respondents who do have a cybersecurity incident response plan applied consistently across the enterprise, less than half (46%) test the plan regularly to ensure they've ironed out all the coordination or responses in the wake of a cyberattack

  • 46% of survey respondents still have not fully complied with GDPR

  • 70% of respondents reported that staffing for cybersecurity is insufficient to achieve for the headcount needed to properly maintain and test their incident response plans and are facing 10-20 open seats on their cybersecurity teams

To learn more about the full results of the study, download "The 2019 Study on the Cyber Resilient Organization."


Data portability and enhanced communications aren't restricted solely to for-profit enterprises. Microsoft recently announced the release of Dynamics 365 Nonprofit Accelerator v2, a suite of Dynamics 365 tools aimed specifically at nonprofit organizations.

Underpinning the solutions suite is a revamped common data model (CDM) -- a standard collection of schemas meant to enhance data interoperability between different apps by defining common data types and functions. The new CDM has 75 entities with 1,400 attributes; according to Erik Arnold, Global Chief Technology Officer, Tech for Social Impact, Microsoft Philanthropies, "These entities and attributes represent sector-specific data elements, relationships, and best practices as defined by Microsoft, our partners, and a group of nonprofit experts."

The CDM supports a set of features aimed at optimizing communications between donors and nonprofits. Microsoft outlines them as:

  • Aligning funds to the results framework. Organizations can draw a thread across their operations and tie funds from donations and awards directly to programmatic activities and outcomes by leveraging a new link between Fundraising Designations and Program Delivery Frameworks and Budgets.

  • Connecting beneficiaries and program delivery. Nonprofits can track the outcomes and impact of program delivery with specific beneficiaries through a new link between Delivery Framework, Indicator Value, and Constituent.

  • Volunteer coordination. New functionality optimizes volunteer management, capturing preferences, skills, certifications, availability, scheduling, and projects leveraging Dynamics 365 Project Service Automation.

  • Membership management. Nonprofits can establish membership programs and engage constituents throughout their membership lifecycle through a single contact record that can be used across multiple roles, including support for membership and benefit levels.

  • Best practices and resources. To support nonprofits as they work on their own implementations, we’ve expanded the platform’s how-to guides and released new purpose-built nonprofit data schemas, templates, and sample applications that are optimized for interoperability.

Microsoft is also growing its partners in the nonprofit space by offering a set of templates to make it easy for would-be partners to map their own data schemas to the CDM. In addition, the company has also mapped its CDM to the Salesforce Nonprofit Success Pack.


The Microsoft Graph Security API, which provides an interface for IT pros to connect security solutions from multiple providers (Microsoft or third party), across security tools and workflow, now has a PowerShell module available. This makes it easier for IT pros to connect to the Microsoft Graph Security API via a PowerShell console.

In related news, PowerShell 7 is in general availability. Microsoft says the bulk of new PowerShell usage has come from Linux usage, and says that slowing Windows usage could be "because existing Windows PowerShell users have existing automation that is incompatible with PowerShell Core because of unsupported modules, assemblies, and APIs." The PowerShell team has promised to offer a full replacement of Windows PowerShell 5.1 with their next release.

At IBM Think 2018, the company talked about how its blockchain network could be used to secure a food supply chain and produce two net benefits: safer food supplies for grocery store consumers and reduced food wastage for grocers since they'd be able to more precisely pinpoint the source of contaminated food. A year later, the Albertson's grocery chain has announced that it's joining the IBM Food Trust Network to keep track of romaine lettuce and other items in the food supply chain.

Senators Cory Booker (D-NJ) and Ron Wyden (D-OR) have introduced the Algorithmic Accountability Act which would, if passed, require companies assess whether the algorithms powering their AI and machine-learning tools are biased or discriminatory, and whether they pose a privacy or security risk to consumers. If passed into law, the Algorithmic Accountability Act would apply to big companies on a big scale — firms that make over $50 million per year and/or hold information on at least 1 million people or devices.

IBM researchers have published a paper outlining a computational processing architecture that purports to cut an AI's speech recognition training time to a fifteenth of its usual time — going from one week of training to 11.5 hours. 


About the Author(s)

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.


Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like