Attracting and retaining cyber security talent is a key challenge for organisations in 2023, says Richard Ford, pictured, CTO at Integrity360.
In the UK, the Department for Digital, Culture, Media and Sport (DCMS) estimates that more than half of all businesses in the UK (697,000) have a basic cyber skills gap. This is very concerning. The impact of cyber skills shortages on organisations is significant, with Fortinet’s 2022 Cybersecurity Skills Gap Research Report revealing that 80 per cent of firms have suffered from one or more breaches that could have been mitigated with better cyber security skills and awareness.
From reputational damages and a loss of customer trust to legal issues and financial losses, the consequences of any single cyber-attack are often crippling. Indeed, IBM’s Cost of a Data Breach Report 2022 estimates that the average total cost of a data breach is $4.35 million, while Fortinet’s report reveals that nearly four in ten (38pc) of enterprises reported breaches that required more than a million dollars to remediate. Unfortunately, much of the problem at present stems from the fact that many firms’ primary security focus continues to centre around preventing threat actors from targeting critical systems and data in the first instance.
This is undoubtedly an important piece of the cyber security puzzle. Yet it is also just that – one piece of the puzzle among several others.
Such organisations in this boat find themselves unequipped to respond if this first line of defence falls. To prevent such scenarios from occurring, enterprises instead need to adopt an all-encompassing package of solutions and services capable of detecting, analysing and responding to threats that have bypassed preventative controls.
Here, Managed Detection and Response (MDR) offers an extremely effective pathway to enhanced protection. Critically, MDR is a selection of services that go beyond traditional security monitoring and threat detection, capable of delivering containing threats that have bypassed preventative security measures across networks, endpoints, and the cloud at speed.
A recent survey from Integrity360 revealed that 29pc of organisations believe that MDR should be prioritised, suggesting that they will allocate significant proportions of their cyber security budgets to managed security – and for good reason. Indeed, our research also shows that organisations utilising MDR services have 62pc fewer security incidents per year. This is not a coincidence. Indeed, MDR is the gold standard of modern security in many ways, offering real-time threat detection, proactive threat hunting, incident containment, incident response, threat intelligence, security incident analysis, compliance reporting, and 24/7 monitoring.
Accessing solutions with limited budgets
Of course, none of these things come free, requiring money, time, effort, and resources – something that enterprises don’t always have during an economic downturn where cyber security budgets are tight, and risks heightened. In cost-conscious enterprises, many business leaders attempt to bridge the cyber skills, knowledge and solutions gaps themselves – an approach that rarely leads to the provision of optimal protection.
Fortunately, there are alternative avenues which can be explored, with outsourcing being an increasingly popular and cost-effective option. By working with an external MDR solutions specialist, firms can tap into cutting-edge software and tools without having to pay expensive fees to develop of acquire them in-house. At the same time, service providers serving multiple businesses will have the finances available to continually invest in enhancing and evolving their offerings.
Increasingly, this is an avenue that enterprises are exploring as they assess the value and efficiency of their security solutions. Indeed, 40pc of respondents to our survey feel cyber security testing is best outsourced over handling in-house, while 35% are of the view that a service provider is better placed to manage cloud computing security.
See also the company’s blog.
