[BreachExchange] 3 Barriers To Cybersecurity Success And How To Overcome Them

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 7 13:56:01 EDT 2017


https://www.forbes.com/sites/centurylink/2017/04/06/3-
barriers-to-cybersecurity-success-and-how-to-overcome-them/#26372dd56dd0

2016 was a record year for data loss with reported breaches exposing almost
4.3 billion records. While the reported number of incidents has not
increased year over year, the average breach was more severe – and exposed
more records – than in previous years. You only need to look at the number
of compromised records at three breaches in 2016 to see examples of the
severity: Yahoo, FriendFinder and MySpace. Almost daily, we hear about
other threats like the WikiLeaks release of secret methods used by the
Central Intelligence Agency to penetrate everything from cell phones to
televisions. While this information is now readily available to would-be
hackers, it also provides a clear picture of where our vulnerabilities lie.

Distributed Denial of Service (DDOS) attacks have more than doubled in
recent years, with the average attack severe enough to take an unsuspecting
organization completely offline. In 2016, over 600 million ransomware
attacks occurred, costing businesses millions of dollars. While there are
hard costs associated with security incidents in terms of lost data or
ransom paid, executive leadership also needs to be prepared for other
business impacts such as brand erosion, loss of customer goodwill,
shareholder disappointment and earnings volatility, all of which can incur
costs months and even years after an initial security incident.

It’s clear from my conversations with CIOs and other leaders that everyone
knows they need to secure their networks and systems. However, with
enterprises lacking IT resources, dwindling budgets and the sheer volume of
risk to manage, handling security nowadays has become a seemingly
insurmountable task. Consequently, more and more businesses are looking
towards Managed Security Service Providers (MSSP) for help. Here are three
common security challenges companies face and how MSSPs can help solve them.

Specialized talent shortage

There’s a shortage of qualified IT security staff, making it difficult for
management to attract and recruit qualified personnel. Escalating salary
requirements further complicate the situation. Consequently, many companies
skip some of the security management basics simply because they don’t have
the time or staff required to implement these practices, making them prime
hacking targets. An MSSP can operate in a variety of capacities and fill in
whatever security gap a company may have. This includes not only devising a
security and compliance strategy for networks and devices, but taking over
daily security management. By partnering with an MSSP, not only do you have
access to a dedicated and specialized workforce, but you also benefit from
a team of experts that understands the dynamic security landscape and the
latest threats. Just as you would depend on a CPA to manage your tax filing
because of their knowledge of tax law, an MSSP can provide a level of
security expertise that is hard to obtain on your own.

Prioritizing risk

There’s no such thing as perfect protection. Rather, it’s a matter of
appropriately managing risk and making a conscious decision about what to
do, and perhaps more importantly, what not to do. For example, while you
may be dedicated to building a digital fortress with multiple levels of
security, the sheer volume and variety of threats make it difficult to
assess your current vulnerabilities and to plan an appropriate course of
action. An MSSP can identify your security vulnerabilities and compliance
requirements and help you implement a plan that’s unique to your
organization and business situation. From there, you have two options. Your
IT team can execute the security plan or you can leverage the MSSP to
manage your day-to-day security needs. For example, at CenturyLink, we help
our customers efficiently manage risk by creating a customized security
plan, including threat intelligence, detection and response for a myriad of
security concerns.

Managing security expenses

While buyers are spending more than ever on security-related hardware and
software, many companies are still exposed and inadequately prepared for a
security incident. Simultaneously, buyers are also under pressure from
management to reduce spending and provide more predictable operating
expenses. But, there is good news. Effective preventive measures aren’t
necessarily cost prohibitive. An MSSP can help you spend your security
dollars smarter by focusing your spending on the priorities that will have
the most impact on your security and compliance posture. With a managed
security approach, you transfer the cost of ownership, thereby reducing the
need for capital investments. You’ll gain a predictable OpEx model that is
easier to forecast and budget, especially important when IT budgets are
expected to remain flat in 2017.

Increasingly, we’ve found customers who leverage Managed Security Services
are able to move from a reactive stance to a proactive security strategy
against a rapidly changing threat landscape. Today’s reality is that you
need to operate with the assumption that your organization will be
breached. However, by partnering with an MSSP, you benefit from “strength
in numbers” from an intelligence perspective and increase the likelihood
you can stay one step ahead of potential hackers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170407/a2ff1b05/attachment.html>


More information about the BreachExchange mailing list