Cybersecurity has never before had such a high profile. The reasons for this are simple. Cyber security threats and successful attacks have exploded in the last few years. Since 2013, 7.1 billion data records have been breached – with only 4% of those actually protected in the first place. The cost to the victims of this sinister game have increased by 21% between 2015-2016, with the mean annualised global amount lost in a cybercrime event being $9.5 million per organisation with EU states showing a combined cost of cybercrime of EUR 265 billion a year. This is on the back of a 66% increase in cybercrime in Europe in 2016.
Many of the threats we are seeing are becoming increasingly sophisticated, moving outside of the realms of technology, firmly into the physiological layer. Cyber criminals are clever, using our own behaviour against us. We are seeing evidence of this in the rise of phishing and associated ransomware attacks – both of which touch at the heart of how we react to given drivers, such as trust in brands.
The security situation is dire with the management of cyber threats slipping through the hands of many organisations.
Even firms who try their best to rectify this situation are facing an uphill struggle. The current cyber security skills landscape is less than ideal. In McAfee’s recent expose on the security skills situation “Hacking the Skills Shortage” they found that 83% of German and 75% of UK IT experts say there is a cyber security skills shortage. Worldwide there are currently at least 1 million cyber security related jobs unfilled. And with cyber security salaries demanding at least 2.7 times the average, recruiting a security specialist is both expensive and difficult.
This situation has built a strong driver for turning to outside specialist help in the form of a Managed Security Services Provider (MSSP). Currently, around 50% of firms are turning to an MSSP to help them develop and implement their internal security strategies. And this is expected to rise with Gartner predicting that 83% of all companies have planned to outsource IT security in the next 3 years. This is creating a large market for MSSP’s which is expected to be worth $33.68 billion by 2021.
Today, many security vendors offer a managed service to their customers and so Security-as-a-Service or Managed Service (MSSP) has become a trending term. Out of so many MSSP offerings, it can be hard to identify the best choice. However, there are factors that distinguish a great MSSP, from the slew of companies who make bold promises around Security-as-a-Service.
What a Great MSSP Offers
An MSSP is the alternative to recruiting, paying and retaining cyber security talent. A great MSSP will have all of the cyber security specialist knowledge, concentrated in one company, along with certified training in security tools and ITIL processes. This team of domain specialists will work in a collaborative way with existing staff, to fully augment your security needs. You can think of it as an extension of your own in-house IT resource, but specialising in the complex world of IT security.
An efficient and effective MSSP will also be able to bring other expertise into the framework, including a deep understanding of Cloud and Software as a Service (SaaS) security issues and resolutions.
Using a MSSP can be likened to a build vs. buy ROI. The cost of losing a specialised member of staff has been calculated to average around 400% of their annual salary. This type of cost, coupled with the difficulty in recruiting security specialists, as well as the high salaries of such employees, is part of that ROI calculation.
MSSP’s offer an attractive, ready-made alternative to building your own in-house team of cyber security experts. This coupled with the use of MSSP technologies such as SIEM can help to manage the spiralling costs of keeping a firm secure.
Building Bridges with Expert MSSP’s
Using an expert MSSP builds a broad-based approach to securing an organisation. Your MSSP should become an integral part of your IT ecosystem as Integrated IT Service Management (ITSM). It is this collaborative and holistic exchange of knowledge, understanding, and experience, that an MSSP offers as an advantage to a company in the fight against cybercrime.
An experienced MSSP, with staff offering wide-scope coverage of security knowledge and security tools, can be part of your holistic security strategy planning. The MSSP becoming part of your extended team. The MSSP advantage you will gain includes:
- Threat intelligence (e.g. early warning around attack campaigns)
- Security event analysis / behavioural analysis
- 24/7 attention to detail
- Staff certified on all technologies
- A service logging and monitoring infrastructure
- A standard service catalog and standardised SLA’s
- Measurable service KPI’s
- Regular service reports
- A digital customer interface
- Open service interfaces
Michael Liebi is CEO at United Security Providers