Enterprises have plenty to manage as their infrastructures scale with a growing and increasingly complex cloud computing environment. They often bring in expert help to ensure a strong security posture, outsourcing jobs to managed security service providers (MSSPs).
Contracting with firms whose sole focus is cybersecurity makes a lot of sense for organizations that are feeling the pinch from the growing shortage of skilled cyber professionals. The cybersecurity workforce gap is expected to reach 3.12 million jobs worldwide this year, up from one million in 2014. And cybersecurity jobs take, on average, 21% longer to fill than other IT jobs.
But even MSSPs can get overwhelmed if they don’t have the right tools to do the job effectively. The demand for their services has been growing significantly in recent years. The MSSP market was estimated at $31.6 billion in 2020 and is expected to grow by 12% to 15% through 2026. That increased demand is putting a strain on service providers.
One managed security service provider that my team met with in December said they were running at 300% capacity to keep up with their growing business, specifically in incident response volume. That left them little time to seek out and integrate new technologies that could improve their services, thus creating a feedback loop that hinders success.
The financial cost of not investing in the right technology, such as a Standard Operating Procedure (SOP) platform, can amount to as much as 50% of an operator’s overhead per year, per person. That is, if incident response operators make $100,000 per year, the lost dollars could be up to $50,000 per person.
Of course, investing in new technology to improve security always involves some expense. But when the benefits of the right technologies are weighed against the potential harm of not having them, the true value of that new technology becomes readily apparent.
The costs of neglecting new tech
Cybersecurity is constantly changing. Cybercriminals, nation-state actors and others are constantly adding new techniques and levels of sophistication to their attacks, as well as employing advanced technologies such as artificial intelligence. Security teams have to keep pace to provide an effective defense with integrated tools that automate processes and enable streamlined collaboration. Taking on a complex cybersecurity landscape without the right tools can result in serious weaknesses that threaten an organization’s networks and data. Among the potential problem areas:
The comprehension gap. The lack of a translation layer between tactical and strategic stakeholders (i.e., those making reactive decisions and those who plan for the future) can result in separate tools and systems within an organization. This leads to failures when crucial, time-sensitive decisions must be made, and it hinders both a full understanding of the threat landscape and the effective allocation of resources.
A regulatory disconnect. Organizations need to balance collaborative cybersecurity efforts with compliance. Various regulations, such as the Federal Information Security Management Act (FISMA), the General Data Protection Regulation (GDPR) or the California Privacy Rights Act (CPRA), tend to restrict the ability of security platforms to collect and share threat intelligence.
Loss of time and momentum. Without the right tools, security teams can find themselves besieged by a steady onslaught of low-impact events and security control system alerts – from Security Information and Event Management (SIEM) systems, firewalls, intrusion detection systems (IDS) and other sources. Not only do those prevent them from focusing on high-impact events, but they also often lead to analyst burnout and costly data breaches.
Destructive silos. A common thread with many of these problems is the presence of operational silos between the security operations center, IT services and threat intelligence teams. This often prevents information sharing and collaborative response. In this kind of environment, critical historical data (some of it auditable) can be lost while the organization’s defensive posture is degraded.
The key to keeping up with (or even ahead of) the cyber threat landscape is a collaborative cyber defense, which requires that tools, data, and people be integrated into a singular defensive ecosystem. A few key examples:
Incident management and bulk filtering of events. This approach can combine a data management system with features such as a data catalog that identifies and connects data points, develops profiles of threat actors and attacks, and triggers responses based on collaborative input. It can deliver obvious benefits in saved time, reduced labor overhead, and streamlined operations.
Intuitive data visualizations and reporting. A system that collects and analyzes data – both current and historical – can be put into a single dashboard that presents the information in concise charts and graphs. It will help organizations bridge any comprehension gaps they have, allowing greater collaboration to fuel critical insights and make informed decisions in near-real time.
Enterprise on-demand delivery. An integrated, comprehensive approach presents essential data on demand and accounts for compliance mandates without sacrificing security. In this way, organizations can address data privacy concerns and alleviate restrictions on data retention and storage.
Automation. An essential ingredient to making these tools work is automation. It takes routine, low-impact work, plus a lot of false positives, off security teams’ plates, allowing them to focus on more critical tasks and improving security performance.
The benefits of incorporating these kinds of tools will far outweigh any expenses incurred in implementing them, resulting in more effective, efficient security. It is why organizations should make adopting them a top priority.