Intelligent CISO Issue 55 - Page 33

PREDICTIVE INTELLIGENCE

Improving cybersecurity with Managed Security Services Providers

Jon Pratt, CIO at 11:11 Systems, discusses cybersecurity resourcing and the benefits of Managed Security Services.

Despite a global spend of over US$130 billion on cyberdefence and thousands of vendors now active in the cybersecurity marketplace, the environment is getting worse when it comes to security risk.

The number, nature and severity of cybersecurity breaches have continued to escalate since the pandemic began. In fact, a security breach or ransomware attack has been recorded every 11 seconds so far through 2022 and 61% of organisations report at least one attack every year.

Considering this increasingly sophisticated threat landscape, modern organisations are resetting their expectations. Where legacy security tech stacks have failed to keep up with the evolving threat landscape, IT leaders are continually seeking new ways to develop a stronger security posture, without having to start from scratch.

Finding the right talent to tackle this is an ongoing challenge. The continued global cyber skills shortage shows no sign of abating, as the ever-evolving threat landscape drives expectations for an increasingly broad security knowledge base and skill sets.

As a result, there are now millions of positions going unfilled globally and this, in turn, is creating a huge demand, with internal staffing resources becoming prohibitively expensive.

CISOs want solutions that put their organisations into the right security posture and that will allow them to manage risk more effectively. Cyber insurance is one aspect, as it provides an extra layer of protection in the event of an attack by enabling security leaders to transfer cybersecurity risk to the insurance company.

But do cyber insurance premiums cover all ransomware attacks and are CISOs getting the gap analysis right? Given all the risk inherent in cyber insurance, the requirements to obtain a policy have become increasingly difficult, on top of a significant upward trend in the cost of protection, which is rising an average of 30% year-on-year with no signs of this slowing down.

Compliance and reporting are a further challenge that CISOs cannot ignore. To be certified and compliant, not only must all standards and regulations be met, but security leaders must ensure adequate and timely reporting. So how can security leaders navigate these challenges? How can they approach resourcing and what are the key technologies that will enable them to unlock best practices?

Cybersecurity frameworks and mission critical technologies

The NIST Cybersecurity Framework has been developed to guide IT security professionals in evaluating their security posture and improving their risk mitigation. This framework helps organisations to ensure that they have the right systems to provide an adequately robust approach to cybersecurity.

It covers five actionable risk management strategies: ‘identifying’, ‘protecting’, ‘detecting’, ‘responding’ and ‘recovering’ from a cybersecurity attack.

Identification

No matter where the end-user is, vulnerabilities exist. Tens of thousands of new vulnerabilities are posted per year, approximately 55 every day. While in-house IT teams can only solve some of these, around 5% pose a real risk – those that can be remotely exploited and have already been weaponised.

It is critical to assess, prioritise and remediate the most important risks to the network and business with Continuous Risk Scanning, which provides a view of all assets that exist within a network environment and advises teams to focus