More than 50% of UK businesses are opting to use outsourced partners for cybersecurity services.
According to research by Skurio, there is a lack of in-house expertise in the area of digital risk protection – the ability to monitor risks, threats and breaches outside the network. The research found 80% of respondents stated their teams lack skills and knowledge in this area.
Jeremy Hendy, CEO of Skurio, said: “We’re facing exceptional circumstances in terms of working practices and how we need to manage cyber-threats, and this is placing significant pressures on businesses of all sizes. We know that the luxury of in-house security teams, on call 24/7 to monitor for external threats, is simply out of reach for many organizations.”
He said that it is encouraging that organizations not only recognize the importance of protecting their customer data, but that there’s also an appetite for innovative and disruptive technologies to protect against new threats.
Commenting, Ed Williams, EMEA director of SpiderLabs at Trustwave, said he was not surprised by the 52% figure, as cybersecurity skills are highly specialized and can take a number of years to gain.
“The adoption of the cloud is a key area of focus for organizations and they are increasingly looking for security-related expertise to aid that journey,” Williams said. “They understand that they can’t afford to get this wrong as getting it wrong could have serious consequences for them. When we also look more recently, the COVID-19 pandemic highlighted that when organizations need to act quickly, they also need to balance that with ensuring that decisions and actions have been done securely.
“For example, there have been recent instances when we looked at VPN configurations and discovered a number of critical issues that could have been catastrophic, fortunately, we were able to identify these issues and they were remediated quickly.”
Faiz Shuja, co-founder and CEO of SIRP, called outsourced partners “an absolute lifeline for overstretched teams” as while cost is a driving force, “organizations also rely on the range of services that partners provide to protect against advanced attacks, to a level they can’t always replicate in-house.”
The Skurio research also found that as organizations manage more digital channels and use more third-party suppliers, the threat vectors rise exponentially. “Understanding your digital risk – all those threats on the deep and dark parts of the web – is a great first step in protecting against them. Businesses are much better prepared to mitigate an attack if they see it coming,” Hendy added.
In an email to Infosecurity, Sam Roguine, director at Arcserve, said there are always organizational and procedural steps that businesses must follow to have a complete cyber-threat protection strategy, but the tools and solutions would be too costly to insource, therefore he understands why outsourcing is so popular.
Asked about the 80% statistic around teams lacking skills and knowledge in the area of digital risk protection, Roguine said IT and cloud transformation initiatives put most organizations into a “transitional” state with up to a dozen different IT infrastructures, including the locations of where workloads and data reside.
“This causes an exponential rise of complexity when using a traditional approach to business continuity, data protection and cybersecurity – and a proportional increase of required relevant skills and knowledge. IT and other teams just cannot keep up internally,” he said. “That is why one of the primary trends is to simplify, consolidate and outsource.
“For example, hyper-converged infrastructure (HCI) is a way to combine all the pieces of a data center into one instead of planning – and making mistakes with – multiple components. Similarly to HCI, appliances and purpose-built devices combine preconfigured hardware and software, creating a shortcut from no solution to full implementation without a myriad of details. Also, cloud services (IaaS, SaaS, BaaS) provide a way to focus on business tasks, while letting the service provider handle the backend. All of these make IT more effective and allow teams to close skill and knowledge gaps, including business continuity, risk management, cybersecurity and data protection.”