When it comes to cyber security and how it is managed many organisations don’t really know what they need in today’s fast-evolving threat landscape, whilst others despite using ‘a proliferation of’ cybersecurity tools, are simply overwhelmed. As companies look ahead and construct plans for the best way to conduct business, it is crucial to evaluate the best cyber security posture for individual business needs – with the following key considerations as part of your decision-making process.
1. Growing pressures on in-house IT teams
Virtually overnight, the role of an IT support team changed from a role committed to a certain set of circumstances, in one place, to a dispersed, varied minefield of new tech issues that needed to be handled remotely. With hybrid working set to continue, this diverse IT support role will only continue to expand in terms of role requirements, with smart meeting rooms and increased reliance on mobile devices putting more pressure on teams.
Put simply, IT teams are unsustainably stretched – which the numbers only back up. According to UK Government figures, half (50%) of all businesses* have just one person managing or running cyber security in-house; even among large businesses, the average cyber team comprises just two to three people.* Defending businesses against increasingly sophisticated cyber threats is an incredibly demanding task; as a result, teams struggle to stay on top of important security practices such as vulnerability management and 24/7 network monitoring.
Business leaders must evaluate the capacity of IT teams and stress-test for when things go wrong. How long would it take an IT team to spot a breach, for example? Would this time put many of the team offline and affect business operations? Downtime is highly costly for businesses, with estimates of loss of income at more than £4,000 per minute**, dependant on company size and outage time. That’s why speed of detection is what many customers are now focussing on; however, few companies have 24x7, always-on security professionals at hand that can swiftly detect and remediate. And this slow response time can cost businesses crippling amounts, especially when it comes to large-scale attacks.
Businesses need experts who truly understand threat intelligence and the difference between false positives and real threats – and this expertise needs to run across a company’s entire technology stack. But this expertise is tricky for many organisations to acquire in house, especially given the high salaries of cybersecurity professionals.
2. Maximising cyber budgets
Developing the correct cyber security and ensuring staff have the knowledge to stay abreast of the latest technologies and threats – with training and ongoing education – is an investment that must be carefully managed.
To identify, deploy and update several best-of-breed technologies into one comprehensive security position takes time, effort and continuous resources. This is why many under-resourced CISOs, CTOs and technical managers opt for smarter, security-as-a-service alternatives. Security consulting and managed services aim to take a proactive approach, learning from threat intelligence and the customer base, to help customers stay in step with the changing threat landscape.
3. The growing IT skills gap
A recent report from the UK Government showed that a large proportion of non-cyber organisations have staff who carry out IT security functions on purely an informal basis; only 7% of businesses even had this responsibility formally written in to the job description.* The Government has also formally identified a cyber security skills gap in the UK, which clearly marks the pressing need for more cyber skills training across the board. However, it stills falls to organisations and their in-house teams to do much of the heavy lifting.
The cyber threat landscape is constantly evolving, meaning that managing cyber security requires specialist knowledge and skills that must be continuously refined and updated to reflect the complex threat landscape. Finding time for in-house staff to undertake dedicated security training is often difficult, particularly if it falls within the remit of already-stretched IT teams. To limit the risks posed to both businesses and the wellbeing of IT staff, effective cyber security and risk management requires dedicated professionals that are specifically trained, able to continuously identify new threats and maintain digital resilience across your entire organisation – from your infrastructure, your apps and data, to your network and endpoints.
By outsourcing security, businesses can gain access to a breadth of specialised expert knowledge, as well as an external viewpoint and fresh perspectives, which are essential when making any changes in or additions to IT infrastructure as businesses grow.
CTO and Vice President, at Telefónica Tech UK&I