Now’s the time to engage a Managed Security Services providerBlog
We live in a time of exponential growth from an economic, technology and an information/knowledge sharing perspective, fuelled by digital transformation. With that, has come an increasingly large and complex digital footprint that organisations need help securing.
While many CIOs and CISOs are already working with an MSSP in one capacity or another, reasons for expanding engagements with an MSSP are growing.
Through my conversations with clients, I’ve identified a few dominant themes and drivers that stand out: fatigue, volume, skills, outcomes and innovation, which, I believe, are actually all in direct correlation with one another.
To start, the global cybersecurity resource shortage is only expected to grow over coming years, with some projecting a staggering gap of as much as 3.5 million unfilled cybersecurity positions by 2021. This means that already under-resourced cybersecurity teams are feeling the pinch when it comes to dealing with day-to-day tasks. For example, over 11,000 CVEs were identified in Q1 of 2018 alone, all of which require some kind of patch and/or remediation. The number grows each year.
This challenge is aggravated by the fact that as companies expand their global footprint, the business requires the cybersecurity team to scale at the same speed – in terms of visibility, intelligence, agility and the overall ability to protect the business. With the decentralisation of IT services and their consumption, there is a corresponding, rapidly growing digital footprint that introduces additional risk to the business.
Moreover, as cybersecurity threats increase in sophistication, and as new technologies and controls come to market, there is a need for resources with a broader range of skill sets and expertise to help with effective management of threats, risks, vulnerabilities as well as to operate tools or manage the approaches that help protect the business.
The reality is that in-house cybersecurity teams just do not have the required capacity or in some cases, the skills and expertise to deal with it all effectively. These resources also cannot be easily hired in the market due to the shortage. Therefore, employees are becoming over utilised or mentally exhausted and job satisfaction is decreasing, impacting employee turnover.
Which brings us to outcomes and innovation. The role of cybersecurity is also changing within the business. It’s being seen as a foundation for business success since there is now broad recognition that cybersecurity incidents are unavoidable, and it’s no longer a matter of if but when an attack will happen. The question then becomes, can I predict an attack before it happens so that I can achieve my business goals? How quickly and effectively can I respond to avoid the potential financial, operational, legal and brand-related ramifications?
Furthermore, the CISO and security practitioner are now becoming tightly involved in business transformation and technology adoption, helping the business to innovate and leverage technology to achieve their business outcomes. It presents the opportunity to build a digital business that is secure by design.
In the past, the suggestion of Managed Security Services (MSS) may have raised concerns with operational teams, with job security being the common fear. But, given the challenges mentioned above, the conversation around MSS has recently shifted to:
- How can MSS help with effective management of existing headcount by allowing me to outsource the more mundane repetitive tasks and focus on strategic activities?
- How can MSS help me to create a predictive and agile cybersecurity posture?
- How does MSS help me to free up my team for knowledge transfer and training?
- How can MSS help the business save money and drive operational excellence ?
- How can I support the business with innovation and growth, while keeping it secure?
- How can MSS enable innovation within my cybersecurity business?
- How can I demonstrate and justify the ROI of our cybersecurity investments?
This represents a fundamental shift in the conversation around MSS into a true cybersecurity team and business enabler.
There is also great opportunity for partnership – and to be successful with MSS it truly does need to be a partnership – where the service provider fully understands your ambitions, challenges and pain points, so that you can focus on the benefits, and be supported in your plans for the future.
As part of NTT Group, we have over 15 years of cybersecurity experience across 47 countries, leveraging over 2000 cybersecurity experts in 10 Security Operation Centres. Get in touch with us to learn more about how we can help you on your cybersecurity journey through our managed security services.