by: Richard Ford, CTO at Integrity360
Cyber security professionals have confronted both challenges and opportunities in recent times.
Looking back at Gartner’s 2022 Board of Directors Survey, it’s clear that the C-suite is increasingly recognising cyber security as a key business priority. Indeed, between 2016 and 2021, the proportion of company boards that consider cyber security a business risk rose from 58% to 88%.
However, while this improvement in perception among business leaders provides reason for optimism, there are unfortunately other factors at play that are serving to stifle key progress – namely, the cost-of-living crisis.
Ultimately, it is tricky for CISOs and CIOs to harness improving security sentiment in any meaningful way in the current economic climate, with many businesses looking to reduce spend and get a better grip of their finances.
It’s a difficult situation. Of course, many businesses simply need to cut spend to navigate current uncertainty or stay afloat altogether. However, it’s potentially the worst possible time for firms to be taking their foot of the digital protection pedal.
Slashing cyber security budgets can create gaping holes in an organisation’s defences that, if exploited, may leave even the most financially savvy enterprises crippled. According to IBM’s Cost of a Data Breach 2022 report, for example, the average cost of a data breach last year was a whopping $4.35 million.
Not only that, but limiting expenditure can leave firms struggling to attract and retain increasingly scarce cyber security talent.
According the (ISC)2 2022 Cybersecurity Workforce Study, there is currently an estimated shortage of 3.4 million security professionals globally, with Fortinet’s 2022 Cybersecurity Skills Gap Research Report revealing that 80% of enterprises could have avoided breaches if they had had better cyber security skills.
The merits of managed detection and response
The current financial conundrum leaves many CISOs and CIOs lacking the necessary funds and resources to manage and increasing number of protective priorities.
More than ever before, the need for savvy and efficient investment is clear. So, where exactly should security leaders be focusing spend to optimise their organisation’s defences in the most cost-effective manner?
Managed detection and response (MDR) is often a good place to start.
Today, many organisations are burdened with protecting increasingly expansive digital footprints spanning cloud environments, user and machine identities, SaaS applications and remote user endpoints that extend far beyond the traditional network perimeter.
For companies struggling in this regard, MDR can be leveraged to redirect spend away from legacy solutions that are no longer fit for purpose and towards turnkey services delivering advanced threat prevention and detection technologies in respect of incident investigation, alert triaging, remediation and proactive threat hunting.
What is perhaps most attractive about MDR is the ability of firms to outsource many key aspects of their security strategy to external specialists.
Building an effective cyber security program from scratch can be expensive owing to the range of tools, licenses, and personnel required. However, in the case of MDR, many of the associated costs are shared across the provider’s customer base. This decreases the total cost of ownership dramatically, enabling all client organisations to achieve cyber security maturity more quickly than would be possible internally.
In essence, it removes the need for any single organisation to invest significant sums in bringing expensive solutions or security professionals commanding huge wage packets in-house. Instead, the same expertise can be tapped into as needed on a 24/7/365 basis, helping firms to bridge the cyber skills gaps in a cost-effective manner while easing the load on internal security teams.
The effectiveness of outsourcing for cash-strapped companies
Fortunately, the merits of this approach are increasingly being recognised.
In a recent Twitter poll by Integrity360, 29% of respondents agree that MDR should be prioritised, highlighting that they will allocate the most cyber security budget to managed security – and for good reason. Indeed, our research reveals that organisations utilising MDR services experience 62% less security incidents per year on average.
Our survey also shows that many entities are recognise the rewards of placing their trust in external specialists.
Four in 10 (40%) believe cyber security testing is best outsourced over handling in-house, while more than a third (35%) feel a service provider is better placed to manage cloud computing security. On the flip side, almost a third (31%) of respondents said their firms allocate 30% of their cyber security budgets to tools and solutions that are not used to their full potential.
Indeed, as cyber threats continue to evolve in frequency, sophistication and efficacy, companies must roll out a comprehensive service to meet their security needs. And MDR allows them to achieve this, without breaking the bank.
Having recently been named as a Representative Vendor in the 2023 Gartner Market Guide for Managed Detection and Response (MDR) Services, we understand the deep technical expertise and innovative technologies that can be used by MDRs to help companies to secure their operations while serving as an extension of their team:
- MDR offers access to experienced security analysts on a 24/7 basis, without the costs of acquiring full-time staff and resources.
- Delivers improved threat detection, extended detection coverage, and in-depth investigation of alerts and incidents.
- Provides proactive threat hunting underpinned by broad threat intelligence databases.
- Accelerates detection and response times, often backed by service level agreements (SLAs), to reduce the costs and impacts of attacks.
- Delivers guided response and managed remediation to enable rapid recovery.
- Improves compliance and reporting.
In the current economic climate, threat actors are actively looking to take advantage of opportunities and vulnerabilities. It’s therefore critical that even cash-strapped firms do not cut security corners. With MDR, dramatic improvements can be made, all while keeping costs down.
