Blog

Lack of Cyber Security Professionals — Outsourcing the Answer?

Posted on November 09, 2016 by Julie Palacio
The U.S. Director of National Intelligence ranks cybercrime as the No. 1 national security threat.1 This dangerous threat is not going away and is driving the need for and hiring of cyber security experts within every industry.

 

Shortage of Cyber Security Professionals

However, companies are also facing a cyber challenge of another kind, they are discovering there’s a shortage of skilled cyber security experts able to protect their organizations. A recent Tripwire survey found that 72% of IT security professionals surveyed were having challenges hiring skilled cyber security experts to detect and respond to a serious cyber security breach.2

The Tripwire report also found that over fifty-percent of these same organizations are experiencing a problem not only recruiting skilled cyber security experts, but also training and retaining them. Yet the majority of these companies do not even have a comprehensive training program to build cyber security expertise. There is also widespread concern that this lack of skilled cyber security experts is also increasing security risks.

 

Technology Sprawl Adds to the Challenge

Many of these organizations have attempted to use technology solutions to fill a gap left by the lack of skilled professionals. According to Tim Erlin, Senior Director of IT Security and Risk Strategy for Tripwire advises, “While tools can’t replace people, effective automation can give skilled employees more time to spend on the tough problems.”

However, this additional technology leads to yet another challenge, “technology sprawl” caused by the increased deployment of a wide variety of technologies. A concern that was expressed by over two-thirds of IT professionals in a Frost & Sullivan report.3 The implications of security technology sprawl falls into two categories: reduced security efficacy and productivity, and an increased need for training and workarounds, compounding the existing problem.

 

Outsourcing as a Solution

How can organization solve this shortage of in-house cyber security experts and the challenge of technology sprawl, by leveraging the expertise of outside resources. Outsourcing is a viable solution for augmenting existing internal security teams.  It is being found effective as a solution to variety of operations and services according to the Frost and Sullivan report. The following table shows how organizations are using outsourcing as a cyber security solution.

 

Outsourced security operations:

Current use of professional security services:

  • 40% Threat intelligence, research, detection, forensics, and remediation
  • 34% implementation services (integration, security product installation and migration, security product life cycle management)
  • 37% Security asset management and monitoring (e.g., firewall, IPS)
  • 33% Technical services (security audit, breach management, residency)
  • 28% Risk and compliance management
  • 26% Security advisory (security strategy, security governance and compliance, training)

 

 

The Outsourcing Advantage

Contracting with outside experts for cyber security services and operations is effective for two key reasons.

  • First, managed security services providers have access to multiple sources of threat intelligence from a broad range of industries. This enables them to garner cyber security intelligence that is much broader and deeper than any one single company can access and process. It is invaluable information in a world of escalating cybercrime, where every day a new malware or vulnerability is discovered.
  • The second key factor for outsourcing, firms who outsource do so because it is more productive, efficient and cost effective. Companies are discovering that outsourcing cyber security services is solving their skills gap challenge, with the added benefits of cost savings and better threat intelligence.
Is it time for you to consider an outsourcing partnership as a solution to your cyber security challenges?

 

 

Sources:

 

1Experian, “Third Annual Data Breach Industry Forecast,” 2016

2Tripwire, “Tripwire Security Challenge Survey – Skills Gap,” 2016

3Frost & Sullivan, “The 2015 (ISC)2 Information Security Workforce Study,” 2015

This entry was posted in Blog and tagged Training, Managed Security, Cyber Security, Skills, Technology, Hiring, Threat Intelligence, Outsource, Partner