» INSIGHT
THE TIME IS NOW FOR OUTSOURCED SECURITY SERVICES Matt McCormick, SVP Business and Corporate Development, ThreatQuotient opines that MSSPs and MDR services will remain an important option for many companies for the foreseeable future
F
or years we’ve been talking about the skills shortage that plagues the cybersecurity industry and which some reports now peg at three million and growing. Organizations lack trained, experienced resources in many areas including expertise in management and monitoring of the infrastructure protecting an environment, incident responders, threat intelligence analysts, security operations engineers and even security leadership. These gaps increase cybersecurity risk for organizations and their key stakeholders, including customers, employees, business partners and shareholders. No group feels the impact more every single day than an organization’s cybersecurity team. Enterprise Strategy Group (ESG) recently surveyed cybersecurity professionals and Information Systems Security Association members about their
32
experiences on the job. The report, “The Life and Times of Cybersecurity Professionals 2018,” concludes that the ramifications of the skills shortage include an increased workload on existing staff, an inability to fully learn or utilize some security technologies to their full potential, and the need to spend significant time training junior employees since it is difficult to hire experienced cybersecurity professionals. When organizations do manage to hire top talent, they experience trouble with retention. Three quarters of survey respondents told ESG that they are solicited to change jobs by recruiters at least once a month. The result? Salaries, attrition and competition for skilled applicants are soaring. Outsourcing to a managed security services provider (MSSP) or a provider of managed detection and response (MDR)
CXO DX / NOVEMBER 2020
services is one of the strategies that organizations are using to close the skills gap while mitigating cybersecurity risk. MSSPs offer 24x7 monitoring and management of security devices and systems and are in the position to hire, train and leverage security experts across many different customers. Providers of MDR services focus on detecting threats that have infiltrated an organization’s network, capabilities sometimes not offered by MSSPs. Both types of services help organizations reduce costs building out their own security operations center and get the expertise they need to adequately protect their environment. These services are in such demand that IDC predicts global security spending will top $103 billion in 2019, with managed security services accounting for the largest category of spending at more than $21 billion. MSSPs and MDR services will remain an
