As we’ve highlighted in past blog posts, technology on its own is just that – technology. It will not magically wipe away all cybersecurity threats. The good news is many businesses understand they must engage in cyber-intelligence activities to safeguard their data. Many are now utilizing various types of technology – such as SIEM, GRC, DLP and encryption – to help provide a line of defense against cyber-attack.
Traditional, tactical, and technical “depth of defense” approaches are a large piece of an organization’s cyber defense, but they’re only half of an overall solution. Too often, the solution is inwardly focused, inefficient, and highly susceptible to attacks.
In a perfect world, you will have someone at the helm who at the very least is a high-level cybersecurity leader with direct access to your company’s top brass. A nice bonus would be employing certified/expert level security personnel to parse through the data, understand it, and take action.
Research from the Ponemon Institute found that employing a high-level security leader and certified security personnel saves enterprises millions of dollars. No, this isn’t an April Fools’ joke.
Companies employing expert staff save an average of $1.5 million, and those that appoint a high-level security leader reduce costs by an average of $1.3 million. Having professionals who can create a strategy and use technology to enable and execute the strategy is worth just as much, if not more, than deploying cybersecurity technologies on their own.
The next question you should ask, given that we’ve shown there’s clear ROI in having dedicated security staff and technology, is whether you want to bring it all in-house or leverage a third-party cybersecurity expert.
Here are several points to consider with both approaches:
In-House
- Access: You know your business best, so starting a cyber-intelligence initiative has the benefit of perspective on every part of the business you’re trying to defend. Since it’s all inside your walls, it should be easier to analyze every part of your business.
- Prioritization: Executing initiatives in-house lends itself to better triage around what’s most urgent to address.
- Convenience: Gathering, evaluating, and sharing information – as well as integrating collected data into existing technology – should be more straightforward.
- Cost: Even for companies with healthy cyber defense budgets, the in-house option to establish a robust intelligence program to address cyber-threat planning can seem expensive. However, we’ve shown that the ROI for these investments is clear.
- Time: Standing up a cybersecurity initiative from scratch requires seeing things through for the long term. You’ll need to take the time to analyze, hire, implement, and execute. It won’t happen as quickly as it could if you hired a third party.
- Talent: The specialized expertise required to conduct effective intelligence gathering and analysis means bringing hard-to-find new and different roles to your organization. These are long-term investments to ramp people up on your culture and how you do business.
- Data: Acquiring access to all the data sources you need to support a robust intelligence gathering and analysis effort is a tall order. But if you are doing this all in-house, you at least know who you need to hold accountable.
Outsourcing to a Third Party
- Access: Unlike having everything in-house, leveraging a third-party provider means you usually depend on their availability. You can’t walk down the hall and talk cybersecurity the way you could if you had a staff in-house.
- Prioritization: No one is going to care like you do. Whether that’s about existing threats or new ones that pop up, there’s always going to be an urgency and importance gap. The issue these days is that time-to-response has never mattered more.
- Convenience: The ability to take produced intelligence and share it across your enterprise is always going to be affected when you depend on someone else. Integrating external data with your processes and environments is always a challenge.
- Cost: Even when outsourcing, cost is a concern. However, these teams can be productive much faster by virtue of their specialization and experience.
- Time: Once the “learning curve” coordination period is over, providers with service level agreements and quality of service promises usually deliver results faster than in-house efforts.
- Talent: Providers specializing in intelligence services typically recruit, hire, and train analysts and investigators steeped in intelligence methodologies.
- Data: In most cases, intelligence and analytics providers trade in access to sources, as well as a variety of aggregate data sets. What they don’t have, many are usually able to partner to obtain.
There’s no single correct answer for having a 100 percent in-house, completely outsourced, or hybrid approach to cybersecurity. My hope is that these considerations will help you and your senior leadership team start thinking through what makes the most sense for your business.
Above all – whether you are hiring a leader in-house or deciding to go with a third party – make sure that you investigate anyone you are going to trust with your cybersecurity strategy. Here at US Cyber Vault, our decades of security experience enable us to help you protect against threats, provide a secure data and computing environment, and deploy an incident response team of counterintelligence experts with guaranteed day-zero breach detection. Request a free trial today so we can prove it to you.
Written by Rob LaMear, CEO, US Cyber Vault