Earlier this year a report released by the Ponemon Institute indicated that four out of five businesses lack the required infrastructure and/or security resources with the proper skills required to recognize and defend against incoming cyberattacks. This report was based upon a survey conducted of nearly 600 respondents encompassing 500 companies across the United States. The vast majority of organizations included in the study admitted that their organizations are struggling with even monitoring for incoming attacks, if they are monitoring at all.
While many companies are failing to properly monitor external threats and risks to their environment, the majority admit that they should be carrying out activities such as monitoring mobile apps, looking out for social engineering and phishing attempts, and keeping an eye on cyber threats. Approximately sixty percent of the survey respondents listed these activities as essential to their business. So the question is why aren’t more organizations looking for critical risks threatening their environment?
Perhaps the greatest obstruction to an effective security posture is due to the fact that many companies lack the resources, knowledgeable staff, appropriate tools and the general lack of understanding of the risks their organizations face. Many responders to this Ponemon study sited this lack of knowledge and risk awareness as one of the primary barriers to achieving cyber security effectiveness.
Because of the lack of in-house security expertise, many companies are turning to outsourcing the monitoring or their environment to Managed Security Service Providers (MSSP) to address the issue. Approximately 35% of respondents report that they are already engaged with an outsources provider, while a further 21% state that they plan to do so within the two years in order to provide the adequate level of protection to their organization.
Using a managed security service provider (MSSP) approach to security can provide a number of tangible advantages including:
- Security outsourcing can provide a more cost effective alternative to hiring a full time monitoring team. This is due in large part to the ability of the MSSP to spread their resources across multiple client environments, thus spreading the cost across a number of client engagements.
- A team of outsources resources will often possess a higher level of knowledge and skill based on experience gained by monitoring and assessing risk in a number of different technical environments.
- Intrusion Detection requires a skilled person to analyze what is happening on the network. Unfortunately many companies do not have nearly enough people to go around so it is difficult to justify an internal resource whose sole responsibility is to monitor the network for potential intrusions.
- With an outsourced resource the network can be monitored 24 hours a day/7 days a week. The organization does not have to be concerned about sick/vacation time or who is monitoring at 3AM.
- An outsourced security monitoring team will be responsible for performing the analysis regarding what is an alert and what is a false positive. Monitoring systems generate a lot of alerts, especially when they are first installed and before they have been properly tuned.
To understand more about Managed Security Services, security monitoring, or how to protect your business from risks, please contact VioPoint at firstname.lastname@example.org or call at (248)373-8494.