As businesses continue to focus on technology advancements to help with revenue growth and scaling, they must also face the challenge of securing their data. This task has proven to be much tougher than many believe. Recent studies have found some shocking trends and statistics about IT skills and what companies are doing to mitigate their risk of a security breach. We’ll review a recent study by Forrester and delve into the facts about IT security as well as how organizations can mitigate their risk.
First we’ll start off with a statistic that could you make a little uneasy. Hopefully you didn’t just scarf down your lunch. IBM, one of the world’s technology leaders, reported over 137 Million attacks against its approximately 3,700 customers in 2012. Yes, you read that correctly, 137 million. Of those attacks, only a small portion actually become incidents, but the shear volume is jaw dropping. As for the average monetary loss, IBM estimates that the average enterprise data breach can cost in the realm of $5.5 Million. Now think about the fact that these are stats from nearly two years ago. With the pace at which technology advances today it’s probably safe to say those numbers have grown a bit since that time.
If IBM’s experience tells us anything, it’s that data security and IT skills are an absolute must no matter the size of organization – from young to mature. However, one of the main problems is IT skills are in high demand, and growing, while supply is short and diminishing. This ultimately leads to organizations spending too much time on medial tasks because they don’t have the manpower to focus on broader initiatives. This ultimately leads to vulnerabilities. The following are several findings from a recent Forrester study about IT skills and how they affect data security. Forrester is a leading IT research and analysis organization. Their study suggests:
- Even mature organizations feel that staffing shortages expose them to high levels of risk. Forrester’s study found that organizations of all levels of maturity, size, and location recognize that they face increased risk exposure due to challenges with filling technical security roles with competent staff. The vast majority (86%) of security leaders believe that concerns relating to managing information risk were directly related to staffing difficulties.
- Difficulties with sourcing and retaining technical security staff are not short-term issues. Across the globe, CISOs and governments agree: Security staffing challenges aren’t going away. Security organizations will have to deal with technical skill shortages for the foreseeable future. Most (81%) of security leaders believe that staffing challenges will either stay the same or get worse over the next five to 10 years.
- Managed Security Services (MSS) can minimize issues with the technical skills dilemma. Security organizations must press on and create suitable options to compensate for an understaffed team. In particular, security leaders have been increasing their levels of technical automation and engaging with MSSPs to source the specialized skills, analytics, and intelligence capabilities they need. Those who currently outsource in this way find it to be an effective approach, with more than two-thirds of security leaders satisfied or very satisfied with their security services — and as high as 83% in some MSS categories.
- Security organizations should partner with third parties to slingshot ahead of the risk. Too frequently today, security leaders engage with an MSSP after they have developed and refined internal operational processes. This is no longer the correct approach. Security leaders should engage early with third parties, establish trusted partnerships to enable rapid technical advances, and then optimize processes once the initial implementation is deployed.
Forrester also found that even mature organizations carry too much risk, and many are too reactive when it comes to security and recovery. It’s their opinion that CISO’s (Chief Information Security Officers) feel little confidence that their organization is prepared for or has the ability to manage the risk of a data breach, and that it’s mainly due to staffing issues.
So, as you can see there are several things to take into account. First, there are more and more attacks occurring on your data than ever before. There are also less and less people with the technical skill to manage and maintain proper security. This can not only cost the organization monetarily when a breach occurs, but it also means hiring the proper talent can be expensive because of the short supply and high demande – as we’re all well aware of the concept of supply and demand and how it affects prices. Unfortunately, demand is at an all time high while there simply isn’t enough supply.
If you look back at the last two bullet points above, you’ll notice that outsourcing your IT and security needs is mentioned, and done so in a very positive light. Many organizations feel hesitant about allowing another company to manage their data, security, or infrastructure. This is a silly notion, as one must ask themselves, “Can we really do everything better than someone else?”. The main arguments for keeping things in-house are “We know our business better than anyone”, or “We can’t afford to outsource this or that”. Those arguments are no longer valid, especially when it comes to being able to afford outsourced services. Not only do companies like Neovera have the expertise to ensure your IT needs are fully met, they don’t break the bank either. IT management and IT security services are more affordable than ever, and the small cost of provisioning these services could save you big time in the near and distant future.