By Matt McCormick, SVP Business and Corporate Development, ThreatQuotient
For years we’ve been talking about the skills shortage that plagues the cybersecurity industry and which some reports now peg at three million and growing. Organizations lack trained, experienced resources in many areas including expertise in management and monitoring of the infrastructure protecting an environment, incident responders, threat intelligence analysts, security operations engineers and even security leadership. These gaps increase cybersecurity risk for organizations and their key stakeholders, including customers, employees, business partners and shareholders.
No group feels the impact more every single day than an organization’s cybersecurity team. Enterprise Strategy Group (ESG) recently surveyed cybersecurity professionals and Information Systems Security Association members about their experiences on the job. The report, “The Life and Times of Cybersecurity Professionals 2018,” concludes that the ramifications of the skills shortage include an increased workload on existing staff, an inability to learn or use some security technologies to their full potential, and the need to spend significant time training junior employees since it is difficult to hire experienced cybersecurity professionals.
When organizations do manage to hire top talent, they experience trouble with retention. Three quarters of survey respondents told ESG that they are solicited to change jobs by recruiters at least once a month. The result? Salaries, attrition and competition for skilled applicants are soaring.
Outsourcing to a managed security services provider (MSSP) or a provider of managed detection and response (MDR) services is one of the strategies that organizations are using to close the skills gap while mitigating cybersecurity risk. MSSPs offer 24×7 monitoring and management of security devices and systems and are in a position to hire, train and leverage security experts across many different customers. Providers of MDR services focus on detecting threats that have infiltrated an organization’s network, a capability sometimes not offered by MSSPs. Both types of services help organizations reduce the costs of building out their own security operations center and get the expertise they need to adequately protect their environment. These services are in such demand that IDC predicts global security spending will top $103 billion in 2019, with managed security services accounting for the largest category of spending at more than $21 billion.
MSSPs and MDR services will remain an important option for many companies for the foreseeable future, particularly when you consider other factors at play beyond the skills shortage, specifically: a dynamic threat landscape, an ever-expanding attack surface and an increasingly complex security technology environment. Organizations must be able to identify and mitigate the threats most relevant to them and these factors make that task more difficult.
Recognizing that security isn’t one-size-fits-all, MSSPs and MDR services offer a way for organizations to get the solutions they need from a menu of options. Take, for example, threat intelligence, which is the foundation for any security operations program and essential to discovering what is happening in your environment and what actions to take. If an organization doesn’t have the resources to take full advantage of the capabilities of a threat-centric security operations platform, a service provider can assume the task of customizing and managing threat intelligence for you and conducting alert triage. By turning data into actionable threat intelligence, they can deliver intelligence prioritized based on your risk. They can also use the threat intelligence that’s relevant to your organization to deliver additional, high-value and customized services such as risk assessments, vulnerability management, spear phishing investigations, threat hunting and incident response. Going a step further, they can provide support to integrate threat intelligence into your infrastructure and operations and ensure the right data is sent automatically to your security infrastructure to protect against the threats that matter most to you.
If you’re considering outsourcing some or all aspects of your security operations, be sure to consider these key points:
- Make sure the service provider can protect your entire technology stack – on-premises and in the cloud. You may not need support for both immediately, but validating that they have the capability will ensure they can adapt as your needs evolve.
- Unfortunately, in security there are no silver bullet solutions, and this holds true with managed services. There is no way to guarantee 100% protection. However, putting Service Level Agreements (SLAs) in place can help ensure support expectations are met, for example with respect to response times.
- When evaluating a service provider, one of the most important things you can do is speak to references with similar environments and/or in similar industries. Make sure you understand what happens when there are problems and look for a partner that will respond as one of your team.
- If you feel that you are lacking security leadership, consider a CISO-as-a-service offering, also known as a virtual CISO (vCISO). Ten percent of the organizations that responded to the ESG survey say they are now retaining a vCISO. In addition, 29% of the CISOs surveyed are working as a vCISO while another 21% are considering doing so.
The time is now for many organizations to consider managed security services to help address their security needs. They fill the cybersecurity skills gap and, in the process, help you overcome a broad spectrum of security challenges so you can improve your overall security operations.