
How to scale the cyber security spending summit

Opinion Russ Madley
Apr 20, 2018

With demand for security talent outstripping supply, MSSPs have never been more relevant

Over half the respondents to Kaspersky Lab's latest annual IT Security Risks (ITSR) survey agree that they need to employ more people with specific experience in IT security in order to meet their current and future cyber security needs.

This is being driven by growing awareness that organisations need to stay protected against a constantly evolving threat landscape, and therefore need to increase their investment to protect their data assets. Over the past several years, we have seen an ever-increasing number of cyber attacks. In 2016 alone our software blocked an average of 25 attempted web-based infections per second across our customer base. 

However, according to the latest security workforce study by (ISC)², the "workforce gap is estimated to be growing, with the projected shortage reaching 1.8 million professionals by 2022". This is a particularly worrying trend for the state of global cyber security but will be music to the ears of criminals.

With the levels of demand for security professionals outstripping supply, hiring costs have skyrocketed. A 2015 survey by Manpower found, "top cyber security experts are billing major companies more than £10,000 a day", whilst "less experienced experts can still charge more than £3,000 a day".

Though some large enterprises can often justify these high costs and investments towards business continuity and risk management, many others, as well as the majority of small and medium-sized companies competing for skilled hires from the same limited talent pool, are often unable to afford such wages and recruitment costs.

So, what's the solution?

In the long term, there needs to be a drastic change in the way the industry attracts new talent.

In the meantime, renewed focus needs to be placed on internal training and reskilling. We've seen in recent research that 35% of organisations are currently holding staff training programs in order to improve their in-house resources and employee skill sets. In addition, a quarter of businesses are focusing on enforcing company IT security policies to foster their employees' IT security knowledge and practices.

The use of this strategy is significantly higher for enterprises with large numbers of employees - as they are most vulnerable to the 'human factor', breaches caused by unwitting insiders.

Another strategy to plug the cyber skills gap can be to find trusted partners who can help design, develop and manage cyber security plans.

Generally, IT outsourcing has been embraced by SMBs, with 43% of respondents in our survey reporting that they were looking to do so this year. Small companies, and even larger ones, are also actively asking their partners to manage cyber security for them.

The research found that 60% of companies believe that using a managed service provider (MSP) or managed security service provider (MSSP) would be an effective measure, whilst 29% of businesses said they are using external consultants to advise on their organisation's security posture. Of these, 60% feel that external consultants are an effective IT security measure.

Though outsourcing IT security requires a large amount of trust, for SMBs the benefits of using MSPs are clear. MSPs are able to provide highly specialised technical on-call consultancy at affordable price points. In doing so, companies are able to avoid the large costs associated with IT security and free up resource to achieve other business goals.

Certainly, not all channel partners have traditionally offered security services as a key part of their portfolio, or indeed at all, but the case for doing so is clear. Though taking on the cost of making dedicated security industry hires is initially high, doing so will justify itself in the long term as not only can resources be pooled to service clients, but providing these additional services to existing clients opens up new revenue opportunities.

With the cyber security industry set to continue to show strong growth, services will make up a good percentage of that spend. According to Gartner, global spending on information security is expected to reach $90 billion in 2017, an increase of 7.6% over 2016, and to top $113 billion by 2020. It's clear that investing now in the right personnel will pay dividends in the future.

Taking a longer-term view, we at Kaspersky Lab are working to encourage partners, universities and other organisations to pave the way for the next generation of skilled cyber security professionals who will protect our businesses from criminals.

Russ Madley is head of B2B channel at Kaspersky Lab
