Is cybersecurity still going to be part of the conversation when the pandemic is over? If Covid-19 has taught us anything, it is to accept that, moving forward, cybersecurity will be a critical component of hybrid work environments. The pandemic has likely made security teams more aware of digital risks and of the importance of strategic defense, security planning and risk management.
The fast pace of digital innovation in the past years has triggered a fast expansion of the threat landscape, with increasing attacks against governments and corporations. Unfortunate situations such as the SolarWinds incident, GitHub bugs, or Microsoft’s disclosure of several critical vulnerabilities in Exchange Server have shown the severity of the situation and why security needs to be part of the Board of Directors’ strategic conversations. As many as 77% of CISOs confirmed cybersecurity concerns are discussed in their board meetings quarterly.
Limited budgets and the security skill gap however are making it hard for some companies to face risks and threats in real time. As nearly 3.5 million cybersecurity positions have been estimated to be unfilled by 2021, outsourcing network security could be a solution, and might help prioritize alerts and solve organizational structure challenges.
Cybersecurity organizations have so far allocated most resources for cyber governance (12%), cyber resilience (12%), and cyber monitoring and operations (13%), says a Deloitte report. This is in line with the objectives explained in the National Institute of Standards and Technology (NIST) framework. Identity and access management, application and data protection, endpoint and network security, and third-party/supply chain security management each received 8% of resources.
Security operations (15.3%), vulnerability management (including attack surface reduction, threat hunting, threat intelligence) (14.9%), and physical security (14.6%) are some of the most outsourced security services, according to the same report. Less than 1% outsource all cybersecurity operations.
For enterprises that do not know how to tackle this, especially since they have limited resources, Managed Security Service Provider (MSSP) and Managed Detection and Response (MDR) services may help defend against complex attacks, source code leaks, and protect brand reputation. These services leverage threat intelligence and incident response expertise to optimize data breach detection times, while ensuring organizations meet regulatory and compliance requirements. Automated cybersecurity practices can help enterprises leverage advanced threat intelligence to react to security threats and digital risks in real time.
