External threats are rife, and appear to be on the rise, while internal resources are stretched, all reflected in regular media headlines that cyber criminals are on the front foot, moving closer to achieving their corrupt objectives. Even the Electoral Commission has been subject to a data breach, more on that here.
However, we’re not here to preach about the rights and wrongs of what organisations are doing to protect themselves. Instead, we will examine one possible option for organisations as, alongside their vendor partners, they look to stem the tide and elevate their IT security posture. This ray of light comes from the utilisation of managed services providers (MSPs)/ managed security services providers (MSSPs).
Embracing external support to alleviate internal issues
It’s true that sometimes too many cooks spoil the broth. In business that proverb can rear its head in various ways – whether too many people being involved in a process causes a decision-making bottleneck, or teams end up at cross purposes on a project, there are a number of ways where a smaller, more streamlined team can be of benefit. This may also be true when it comes to IT security. However, in an ever-evolving space, where knowledge and expertise translate into power, surely the more brains there are working towards a common goal, the greater the chances of success when it comes to defending against cyber criminals.
The one thing to bear in mind here though, is that not all organisations have the expertise or the headcount in-house to throw towards IT and IT security needs.
The way in which respondents’ organisations’ IT departments are structured begins to highlight potential expertise and/or headcount shortfalls. Larger companies (1,000+ employees) are notably more likely than their smaller counterparts to have one overarching IT department, but with this large team also including a group that focuses specifically on IT security – i.e., a team of dedicated experts exclusively working on keeping the business secure.
It is therefore probably fair to assume that the IT teams within the smaller surveyed organisations – particularly those with only 1-49 employees – are in a tricky position when it comes to both headcount and security expertise as they aim to maintain a secure environment for the rest of their colleagues. And this provides a good basis for explaining why these are the organisations most likely (31%) to be utilising an MSP/MSSP in tandem with an internal individual/small team to manage their IT security needs.
Sharing expertise and responsibility
But this doesn’t tell the whole story – overall, almost half (46%) of surveyed organisations are leaning on an MSP/MSSP to some extent for their IT security needs, with this even applying to the largest surveyed organisations (5,000 or more employees) where 45% report that this is the case. Our two cents – this can only be a positive thing – the more brains at the table working towards securing organisations the better, while it also highlights the value that these service providers can offer. This line of thinking is supported by the fact that 59% of respondents from organisations using an MSP/MSSP for their IT security requirements, report that the IT security expertise offered by these third parties is among the reasons for their use in the first place – making it by far the most commonly reported reason.
Aside from the expertise that MSPs/MSSPs can offer, there is also the added bonus of easing the burden of responsibility on internal teams that are often already stretched and struggling from a skills perspective. This is clear from the 40% and 31% of our Community members respectively reporting that they don’t have the headcount or skills in-house to manage their organisation’s IT security needs.
It would, of course, be a stretch to say that without an MSP/MSSP organisations will inevitably fall victim to a security breach, but it stands to reason that the added support wouldn’t go amiss. Further to that, it seems fairly evident that once a partnership is in place, end user organisations, IT security vendors, and MSPs/MSSPs must seamlessly work together if they hope to stave off the continuous barrage of threats that they’re up against.
This is perhaps best demonstrated by the ways in which respondents’ organisations keep up to date with the latest threat intelligence. Approaching half (48%) do so through their product vendors ending alerts on specific threats to their products, while only slightly fewer (43%) utilise specific threat intelligence tools from their vendors. And MSPs/MSSPs can also play their part by keeping end user organisations up to date with the latest intelligence, as is the case for 28% of those surveyed.
End user organisations clearly require assistance, so it’s up to IT security vendors and service providers to help ease that burden and help to mitigate the risks at play.
Stronger together – maximising IT security
All in all, the situation seems pretty clear – whether the partnership is just between the end user organisation and their IT security vendors, or whether there is also an MSP/MSSP in the mix as well, it is critical that all parties are singing from the same hymn sheet when it comes to maximising IT security efforts.
Security is, after all, a team sport, and until everyone involved recognises and buys into it, there will always be an avoidable opening in white hat security defences, with the damages of a breach having the potential to impact all of those who could have prevented it, to varying degrees.
These survey findings are based on qualitative and quantitative interviews from September 2022 with 216 members of the Vanson Bourne Community, our network of IT and business professionals at the forefront of their industries.
As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members.