2016 was a record year for data loss with reported breaches exposing almost 4.3 billion records. While the reported number of incidents has not increased year over year, the average breach was more severe – and exposed more records – than in previous years. You only need to look at the number of compromised records at three breaches in 2016 to see examples of the severity: Yahoo, FriendFinder and MySpace. Almost daily, we hear about other threats like the WikiLeaks release of secret methods used by the Central Intelligence Agency to penetrate everything from cell phones to televisions. While this information is now readily available to would-be hackers, it also provides a clear picture of where our vulnerabilities lie. Distributed Denial of Service (DDOS) attacks have more than doubled in recent years, with the average attack severe enough to take an unsuspecting organization completely offline. In 2016, over 600 million ransomware attacks occurred, costing businesses millions of dollars. While there are hard costs associated with security incidents in terms of lost data or ransom paid, executive leadership also needs to be prepared for other business impacts such as brand erosion, loss of customer goodwill, shareholder disappointment and earnings volatility, all of which can incur costs months and even years after an initial security incident.
It’s clear from my conversations with CIOs and other leaders that everyone knows they need to secure their networks and systems. However, with enterprises lacking IT resources, dwindling budgets and the sheer volume of risk to manage, handling security nowadays has become a seemingly insurmountable task. Consequently, more and more businesses are looking towards Managed Security Service Providers (MSSP) for help. Here are three common security challenges companies face and how MSSPs can help solve them.
1. Specialized talent shortage
There’s a shortage of qualified IT security staff, making it difficult for management to attract and recruit qualified personnel. Escalating salary requirements further complicate the situation. Consequently, many companies skip some of the security management basics simply because they don’t have the time or staff required to implement these practices, making them prime hacking targets. An MSSP can operate in a variety of capacities and fill in whatever security gap a company may have. This includes not only devising a security and compliance strategy for networks and devices but taking over daily security management. By partnering with an MSSP, not only do you have access to a dedicated and specialized workforce, but you also benefit from a team of experts that understands the dynamic security landscape and the latest threats. Just as you would depend on a CPA to manage your tax filing because of their knowledge of tax law, an MSSP can provide a level of security expertise that is hard to obtain on your own.
2. Prioritizing risk
There’s no such thing as perfect protection. Rather, it’s a matter of appropriately managing risk and making a conscious decision about what to do, and perhaps more importantly, what not to do. For example, while you may be dedicated to building a digital fortress with multiple levels of security, the sheer volume and variety of threats make it difficult to assess your current vulnerabilities and to plan an appropriate course of action. An MSSP can identify your security vulnerabilities and compliance requirements and help you implement a plan that’s unique to your organization and business situation. From there, you have two options. Your IT team can execute the security plan or you can leverage the MSSP to manage your day-to-day security needs. For example, at CenturyLink, we help our customers efficiently manage risk by creating a customized security plan, including threat intelligence, detection and response for a myriad of security concerns.
3. Managing security expenses
While buyers are spending more than ever on security-related hardware and software, many companies are still exposed and inadequately prepared for a security incident. Simultaneously, buyers are also under pressure from management to reduce spending and provide more predictable operating expenses. But, there is good news. Effective preventive measures aren’t necessarily cost prohibitive. An MSSP can help you spend your security dollars smarter by focusing your spending on the priorities that will have the most impact on your security and compliance posture. With a managed security approach, you transfer the cost of ownership, thereby reducing the need for capital investments. You’ll gain a predictable OpEx model that is easier to forecast and budget, especially important when IT budgets are expected to remain flat in 2017.
Increasingly, we’ve found customers who leverage Managed Security Services are able to move from a reactive stance to a proactive security strategy against a rapidly changing threat landscape. Today’s reality is that you need to operate with the assumption that your organization will be breached. However, by partnering with an MSSP, you benefit from “strength in numbers” from an intelligence perspective and increase the likelihood you can stay one step ahead of potential hackers.