by Raja Patel

May 18, 2023

Summary.

The way to detect and neutralize determined cyber attackers is with 24/7 eyes-on-glass delivered by expert security operations professionals. The need for these highly skilled operators has never been more urgent. Few organizations, however, have the right tools, people, infrastructure, and processes in-house to do this on their own. Global cybersecurity workforce shortages complicate the challenge, increasing risk and exposure to potential attacks for those without the necessary, on-demand resources. CSaaS is a security model where organizations leverage outside specialists to fulfill critical cybersecurity needs — such as around-the-clock threat monitoring. By outsourcing or augmenting IT teams to include managed cybersecurity services, organizations can more effectively mitigate attacks before they cause damage.

We have reached a tipping point where cybersecurity has become too difficult and moves too fast for most organizations to manage it effectively on their own. Despite considerable ongoing investments in people and technology, the complexity of deploying, integrating, and managing cyber defenses is leaving many organizations exposed to the financial and operational consequences of a cyber incident.

With adversaries continuously innovating and industrializing their ability to evade defense technologies, cybersecurity-as-a-service (CSaaS) may be the most viable economic approach to managing cybersecurity — especially amidst today’s macroeconomic climate.

The Cost of Inaction

When it comes to cybersecurity, the potential bill for not maintaining up-to-date cyber defenses is significant. The average cost for a small or mid-sized organization to remediate a ransomware attack is $1.82 million. The remediation costs are just part of the story: 66% of organizations were hit by ransomware last year, and 84% of those in the private sector said it caused them to lose business. While cyber insurance may cover some of the bills incurred due to the attack, it cannot mitigate all commercial costs.

A recent example is the UK’s national mail service, Royal Mail, which experienced a ransomware attack on January 11, 2023. Its international export service was highly disrupted, and it was unable to process international parcels through its branches for six weeks. This inability to operate forced many customers to switch to alternative service providers, with major long-term commercial consequences.

Technology Is Not Enough

Cybersecurity technologies will always be essential. However, technology is not enough on its own. Organizations need security operations professionals to monitor their environment 24/7, in order to investigate potential incidents, to remediate issues, and to regularly review and enhance their security posture.

For example, when an email security solution detects and blocks a phishing attack, this is just the first stage in neutralizing the threat. Human experts need to investigate the incident to determine the full scope: Did any similar emails reach other users’ inboxes? Has there been any network traffic to the malicious URL used in the email? Only when you have investigated the full potential of the incident, eliminated any attack remnants, closed all vulnerabilities, and determined there is no data loss can you consider the incident closed.

Without this level of security operations expertise, organizations are at greater risk of suffering the consequences of a major cyber incident while also failing to get full value from their existing security investments.

The Critical Need for Specialist Operators

The way to detect and neutralize determined attackers is with 24/7 eyes-on-glass delivered by expert security operations professionals. The need for these highly skilled operators has never been more urgent.

Few organizations, however, have the right tools, people, infrastructure, and processes in-house to do this on their own. Global cybersecurity workforce shortages complicate the challenge, increasing risk and exposure to potential attacks for those without the necessary, on-demand resources.

CSaaS is a security model where organizations leverage outside specialists to fulfill critical cybersecurity needs — such as around-the-clock threat monitoring. By outsourcing or augmenting IT teams to include managed cybersecurity services, organizations can more effectively mitigate attacks before they cause damage.

Whether organizations choose to fully outsource to a third-party provider or have them work in partnership with their internal team, there are several economic advantages:

Minimize the risk of a debilitating cyberattack: The cost of CSaaS services is considerably lower than the average cost of recovering from a ransomware attack, which according to new research totals $1.82 million excluding ransoms paid. With 66% of U.S. organizations reporting that they were hit by ransomware last year, investing in prevention rather than picking up a hefty recovery bill makes clear economic sense. Breach protection warranties further mitigate economic risk in the event of a cyber incident.

Lower costs while elevating protection: Security operations is a highly complex activity. Individuals in this space need to possess a specific and niche set of skills, making that talent expensive, hard to recruit, and hard to retain. Through leveraging economies of scale, outsourced services are considerably more affordable. They also give you more bang for your buck, bringing a level of expertise and speed of response to the table that is nearly impossible to replicate in-house.

Accelerate delivery of strategic business initiatives: The urgent nature of cybersecurity operations often prevents IT and cybersecurity teams from focusing on more strategic challenges. Organizations that leverage CSaaS report that they have considerable capacity and efficiency improvements, enabling in-house teams to better support delivery of business-focused efforts.

Leverage existing investments: Security operations specialists use alerts from endpoint, network, email, cloud, and identity solutions that organizations already have in place to identify and neutralize suspicious activities. With CSaaS, existing tools can be leveraged in elevating the organization’s defenses — increasing effectiveness on prior investments.

Optimize your cyber insurance position: High levels of cyber security control are now commonly required by insurance providers as conditions of coverage. Their goal: to reduce the likelihood that an organization will experience a major cyber incident and make a claim on their cyber insurance policy. CSaaS enables organizations to achieve many of the cyber controls that are key to insurability and superior policy offers, including 24/7 Endpoint Detection and Response (EDR), cyber incident response planning, logging and monitoring, and more.

Organizations of all sizes are struggling to keep pace with adversaries, and they need help. Prioritizing cybersecurity is not just an operational necessity; it’s an economic imperative — and, for many, CSaaS is the only plausible solution amidst today’s macro-economic climate.

  • Raja Patel is senior vice president of products and managed services at Sophos, where he leads the global next-generation cybersecurity leader’s innovative product strategy and roadmap to deliver better security outcomes for organizations worldwide. Before joining Sophos, Raja served as vice president of security products at Akamai, vice president and general manager of enterprise security products at McAfee, and general manager for Intel’s network security business unit. Throughout his long tenure at Cisco, he also held numerous security and enterprise networking leadership positions.