Just as security breaches are becoming more sophisticated and multi-faceted, so too must businesses develop multi-pronged approaches to cyber-security defence. Organisations must adopt a more sophisticated approach to cyber-security that combines strategy, technology and governance to ensure the security of business and customer data.
Many companies are running outdated systems that leave them vulnerable to increasingly malicious cyber-breaches. The lesson from recent breaches, such as WannaCry, is that all organisations need to look at their policies, procedures and infrastructure with an eye on adopting the most rigorous and modern approaches to cyber-security.
High risk and low budgets
A recent survey revealed that 2016 saw more than 4,000 breaches that exposed a combined total of more than 4.2 billion records. That was approximately 3.2 billion more records than the previous all-time annual high, it states. Unfortunately, with attack surfaces expanding but security budgets staying tight, talent remaining scarce, and tools lacking seamless integration, it's no wonder that security pros have concerns that they can't put their defensive technologies to work as effectively as they'd like.
In addition, a Cyber-security Report from Cisco earlier this year reveals that security professionals' biggest sources of concern related to cyber-attacks include mobile devices, the public cloud and cloud infrastructure, as they create more endpoints to protect and widen the security perimeter. Yet, the percentage of security professionals who review and improve security practices regularly is down from 56 percent in 2015 to 53 percent last year.
I don't interpret that to mean that security professionals are growing either lax or overconfident about the threat landscape. What it shows, in my opinion, is a recognition that there's only so much that resource-restricted internal security organisations can handle on their own – and it may not be enough to effectively detect and defend against attackers.
Why managed security is the optimum approach
That position is bolstered by what we now know about the growing use of security outsourcing services:
- Close to three-quarters of respondents in a recent Forrester survey indicated they relied on third parties for 20 to 80 percent of their security, with those relying most heavily on outside help planning to increase their use of external vendors.
- In a survey conducted last year by CIO, CSO and Computerworld, 56 percent of the respondents said that their organisations are enlisting outside consultants to help with information security strategy, and 40 percent said they're turning to MSSPs.
- A Computer Economics IT Outsourcing Statistics 2016/2017 study shows that IT security outsourcing is increasing at the fastest rate of all outsourced functions and that no organisation already engaged in security outsourcing reported plans to decrease usage. IT security also ranked among the top three outsourcing functions with the greatest potential for improving service.
Many organisations are changing strategies from primarily threat prevention to rapid threat detection and response, which requires a different skill set and different solutions. IT departments are responding to this need for a wide variety of specialised skills by outsourcing more.
When companies turn to third-party experts via solutions such as managed security services, they alleviate the uncertainty security professionals currently experience about their ability to take full advantage of the latest technology, security best practices and 24x7x365 monitoring.
Unifying existing enterprise security solutions and complementing them with a suite of advanced security features under an integrated and managed framework will bring significant relief to IT security personnel.
The growing use of MSSPs offers enterprises a new approach to building security capabilities. Managed properly, MSSPs now provide levels of management over almost any security threat that you can imagine and add new capabilities to an organisation's security strategy.
Contributed by David Venable, VP of Cybersecurity, Masergy Communications
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.