Does your cyber strategy need to shift gear to stay secure?
Written by Mark Skelton, Vice President and CTO, Telefónica Tech UK&I
This year and beyond, cyber security and how it is managed will be the highest priority on many board-level agendas. As companies look ahead and construct plans for the best way to conduct business, post-pandemic, it is crucial to evaluate the best cyber security posture for each organisation — with the following key considerations as part of this decision-making process.
Does your team have enough capacity?
Many IT teams are unsustainably stretched — which the numbers only back up. According to UK Government figures, half (50%) of all businesses have just one person managing or running cyber security in-house. Even among large businesses, the average cyber team comprises just two to three people .* (1) Defending businesses against increasingly sophisticated cyber threats is an incredibly demanding task; as a result, teams struggle to stay on top of important security practices such as vulnerability management and 24/7 network monitoring.
The pandemic, the switch to home working, and the impact of increasing amounts of data being used at the edge of networks have combined to create the perfect cyber security storm for those tasked with managing it.
Business leaders must, therefore, evaluate the capacity of IT teams and stress-test for when things go wrong. How long would it take an IT team to spot a breach, for example? Would this time put many of the team offline and affect business operations? Downtime is highly costly for businesses, with estimates of a loss of income at more than £4,000 per minute depending on company size and outage time. (2) That’s why the speed of detection is what many customers are now focussing on; however, few companies have 24×7, always-on security professionals at hand that can swiftly detect and remediate. And this slow response time can cost businesses crippling amounts, especially when it comes to large-scale attacks.
Can you keep pace with the latest cyber developments?
Typically, once the cyber defence has been deployed, the issue is then keeping pace with the thousands of updates issued each week. This means despite using ‘a proliferation of’ cybersecurity tools, unfortunately, many organisations are still being hacked.
Developing the correct cyber security and ensuring staff know to stay abreast of the latest technologies and threats — with training and ongoing education needs to be carefully managed.
Identifying, deploying and updating several best-of-breed technologies into one comprehensive security position takes time, effort and continuous resources. This is why many under-resourced CISOs, CTOs and technical managers decide not to go it alone. Many prefer instead to opt for smarter, security-as-a-service alternatives . Security consulting and managed services have the goal of taking a more proactive approach, learning from threat intelligence and the customer base, to stay in step with the changing threat landscape.
Do you have enough specialised skills?
The Government has formally identified a cyber security skills gap in the UK, which marks the pressing need for more cyber skills training across the board. Encouragingly, some steps are being taken to address these skills shortages, with new funding options for training announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) for upskilling workers and filling knowledge gaps. (3) However, it still falls to organisations and their in-house teams to do much of the heavy lifting.
To limit the risks posed to both businesses and the well-being of IT staff, effective cyber security and risk management requires dedicated professionals that are specifically trained, able to continuously identify new threats and maintain digital resilience across your entire organisation — from your infrastructure, your apps and data, to your network and endpoints.
This requires experts who truly understand threat intelligence and the difference between false positives and real threats across your technology stack. But this expertise is tricky for many organisations to acquire in-house, especially given the high salaries of cybersecurity professionals.
By outsourcing security, businesses can gain access to a breadth of specialised expert knowledge , as well as an external viewpoint and fresh perspectives, which are essential when making any changes in or additions to IT infrastructure as businesses grow
Originally published at https://digileaders.com on March 30, 2022.