SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Managed security services: The answer to growing cyber threats?
Fri, 12th Feb 2016
FYI, this story is more than a year old

Staying ahead of the curve when it comes to protecting a business against breaches is becoming a difficult task, as global cyber attacks mount and escalate in severity.

In fact, with 61% of surveyed ANZ companies expecting an attack on their organisation this year, it is often not a question of ‘if' a company will be breached but ‘when' and to ‘what degree of damage'?

While this is largely due to the fact that cyber criminals are becoming more slick and sophisticated, a number of factors contribute to poor performance of companies when it comes to their cyber security.

When it comes to dealing with cyber threats, companies large and small face shortages of qualified and capable staff, limited budgets and inability to effectively thwart threats.

Cybernetic Global Intelligence, the global IT Security firm, has identified three primary reasons why companies should look into managed security services.

Supplement or expand necessary skills

Hiring, training and retaining qualified in-house security experts can be a costly and time-consuming procedure, says Cybernetic. A recent report suggests that it takes around six months to fill 32% of open IT security positions, and more than 35% of organisations are unable to fill open security jobs at all.

These numbers are only expected to get worse, with an expected shortage over the next few years of two million cyber security jobs worldwide, Cybernetic says.

In addition, according to the ‘State of Cybersecurity: Implications for 2015' study, fewer than 25% of cybersecurity applicants are qualified to perform the skills necessary for the job, and the most important qualification of hands-on experience is extremely lacking.

Due to these chronic shortages many basic security tasks are deferred and overlooked, resulting in only 43% of ANZ surveyed companies being ‘prepared' for an attack.

According to Cybernetic, a MSSP can handle security tasks such as 24/7 monitoring, manage your security devices; update security policies; manage your network, application, web and email security; and much more.

Make the most of your security budget

Implementing the right security measures and maintaining a strong security posture can be very costly, Cybernetic says. And while security budgets continue to slowly rise in an effort to meet the increasing cyber challenges, by the time most security teams feel the effects of increased funding and find the staff to fill necessary gaps, it will be too late, according to the company.

A recent survey of more than 1,000 security professionals surveyed indicated that 54% believe that they need to double their IT security staffing, and 24% believe they need four times as many security professionals to cope with everyday threats.

While throwing security staff at a problem may seem like a bright idea, considering that an average salary for a qualified security expert in Australia is around $146,500, security budgets of most companies will not stretch far enough to allow it, says Cybernetic.

Employing the services of a MSSP can help you eliminate the costs involved in recruitment and training of additional security experts; eliminate the need of large upfront costs associated with developing in-house security operations centre; and allow companies to take advantage of industry best practices and economies of scale.

Improve your security posture 

According to Eddie Schwartz, the international vice president of ISACA, the attempt of organisations to manage cybersecurity on their own is equivalent to “a bunch of small countries trying to fight a superpower in terms of organised criminals and nation-states; there's just no hope”.

While that may seem like a bleak outlook, it has proven to be accurate over the last few years, as even the largest companies all over the world are finding it hard to tackle the hurdle presented by advanced cyber threats, according to Cybernetic.

By switching to a MSSP a company can forgo all the aspects of insufficient capacity that may negatively impact security outcomes.