Dominic Carroll, pictured, Director of Portfolio at the managed threat detection and response company e2e-assure, looks at how professional services organisations can ensure cyber resilience.
According to e2e-assure’s recent study, Threat Detection 2024: Rejuvenating Cyber Defence Strategies, 77 per cent of professional service organisations have experienced a cyber-attack.
CISOs and cyber security decision makers in professional services cited control over their cyber security service as the most important factor when making decisions around their security environment (43pc), compared to speed across other key sectors, such as Healthcare. With organisations in this sector liable to face hefty fines and reputational damage should they fail to comply with multiple regulatory standards, it’s essential that they have a cyber security solution that helps them to adhere to guidelines through strong defences.
Despite this need for control, most Professional Service organisations told us that they fully outsource their cyber security operations (40pc). However, worryingly, only 20pc describe their cyber security set up as “resilient.” This raises the question as to whether outsourced providers are performing adequately and if not, how businesses and providers can work together to ensure future cyber resilience in an increasingly complex threat landscape.
What are the key frustrations facing the sector?
When asked about their top frustrations, over a quarter (26pc) said their provider was not being proactive and a further 26pc said they were escalating too many false positives.
Agility and flexibility are also important for this sector, with four in ten (41pc) saying that they don’t have but desire flexible contracts that can adapt the scope of the original contract signing. Often, providers rely on re-selling pre-configured product offerings that are not tailored to the specific needs of an organisation. This often leads to timely security updates or patches being missed, meaning businesses struggle to respond to emerging threats, as true positives fail to be identified.
This can also lead to service offering bolt-ons, something that 23 per cent of professional service organisations rated as a key frustration. For organisations that are already grappling with budgetary constraints, this can mean being unable to ensure their cyber provision will continue to be fit for purpose over time.
Is SOC-as-a-Service delivering on its full potential?
With a large percentage of organisations fully outsourcing their cyber security operations and given the exponential growth of SOC-as-a-Service, it remains one of the top cyber operations for Professional Service organisations, with nearly a quarter (24%) choosing this approach.
However, we found that a worrying majority (69pc) said their service is either OK but there’s room for improvement (38pc) or that their SOC is under-performing and they’re looking to make changes (31pc). Key frustrations include long and complex contracts (40pc), poor SLA response times (26pc) and providers escalating too many false positives (26pc).
In an industry dealing with sensitive data and often high monetary value, it’s imperative that security procedures are in place that are continually assessed and updated to enable cyber security providers to act quickly as threats advance.
A quarter (27pc) of professional service organisations that have SOC-as-a-Service state that they don’t have but desire real-time visibility of reporting which shows up-to-date cyber posture. It’s clear that having a strong understanding of how they are faring, and the changes they can make to their provision to ensure cyber resilience in an ever-evolving cyber landscape, is of utmost importance and will give CISOs in the sector the high level of control they desire.
Providers in this sector should therefore look to work in collaboration with their customers, providing flexibility and the ability to offer clear road maps on how organisations can ensure continued resilience.
Looking ahead
A critical shift is essential to elevate cyber defence quality to meet the demands of Professional Service organisations in 2024. As cyber threats evolve rapidly, these organisations must be vigilant and prepared to respond instantly.
To boost performance from their providers, organisations can take impactful steps. This includes demanding more proactive, up-to-date and accurate reporting to drive quicker decision making. As one of the top frustrations for CISOs, too many false positive alerts are creating a lack of clarity in the professional services sector, resulting in a delayed response which can lead to greater damage to an organisation.




