Is your cybersecurity investment going to waste?

The National Exposure Index by Rapid7 rates Canada as the third most exposed country to possible cyber attacks. Security needs to be woven into an organization’s operations and be an integral part of any business decision. Failing to invest in the right security solutions can put customer data at risk and lead to potential lawsuits and compliance fines from regulations like PIPEDA and GDPR.

“The current attack vectors are larger than ever, so you have a lot of organizations that are confused on the steps they need to take [to combat cyber attacks],” said Joseph Khunaysir, president of Toronto-based IT services company Jolera. “One of the major reasons we engage with customers and partners alike is because they are looking for our experience and our expertise.”

The National Exposure Index by Rapid7 rates Canada as the third most exposed country to possible cyber attacks. Security needs to be woven into an organization’s operations and be an integral part of any business decision.

According to a survey done by the Canadian Internet Registry Authority, 67 per cent of small and medium-sized businesses in Canada outsource at least part of their cybersecurity footprint to external vendors. However, using multiple vendors or security partners can be a security risk. A common challenge is the ability to manage security alerts. According to Cisco’s 2018 Annual Cybersecurity Report, organizations using more than 50 vendors faced more challenges managing security alerts (55 per cent) compared to those with only one to five vendors (eight per cent). Receiving many different security alerts can lead companies to accidentally miss important notifications. This affects an organization’s ability to detect, investigate and remediate threats.

Having in-house resources like a security operations centre (SOC) can be expensive. A SOC houses a security team that is responsible for monitoring and analyzing security events. According to employment search engine Indeed, the average salary of an information security analyst is about $75,000. The average SOC requires about four analysts, which brings the cost of personnel to about $300,000. This doesn’t include the cost for a room to accommodate the SOC, licensing/equipment fees and time spent hiring a SOC team. Instead of paying hundreds of thousands of dollars for a SOC, an organization can outsource these operations at a more manageable cost.

Outsourcing IT security operations allows businesses to focus on their core competencies while having their security concerns met by experienced professionals using the latest technologies. For businesses that are unable to invest in the high cost of technology upfront, outsourcing to a managed security service provider (MSSP) for a monthly price makes it easy to budget security expenses. For example, the average cost for a Barracuda firewall is around $5,000. This price only includes the device and doesn’t account for services such as installation, configuration and management. With a provider, a managed firewall can be as low as $150 per month and include security services.

Security devices like firewalls need to be installed properly. Improper installation can lead to security holes that hackers can exploit and use to compromise a business network. Data from Gartner suggests that by 2020, 99 per cent of firewall breaches will be caused by firewall configurations, not flaws. A service provider has experts that ensure the security devices are set up properly and meet a business’s needs.

There are several security providers in the industry, so how do businesses know they’ve partnered with the best one? After all, companies don’t want to be investing in an ineffective cybersecurity solution that leaves their businesses vulnerable.

Businesses need to do their research when deciding to partner with an IT service provider. Benchmarks like years of experience, range of resources, processes and where they are located should be taken into consideration. Being able to have access to reports and data is helpful for companies looking to measure their return on investment and determine if they are receiving adequate security.

“If you’re working with an MSSP that cannot demonstrate good reporting, or be able to walk you through a concise, easy-to-understand report, then you should really question how much value you’re getting for your investment and where it’s going,” said Khunaysir. “Being proactive with the customer is also important. If an MSSP is informing customers of new threats and working with them to patch vulnerable systems and remediate security alerts, it’s a good sign they’re ahead of the game.”

This article was provided by Jolera for commercial purposes.

CEO Joe Natale calls for government policy to incentivize spending on 5G networks
Everything you need to know about one topic in Canadian business — this week
Martin Pelletier: The illiquidity of such investments and what at times can be a lack of transparency can make it more difficult to measure the benefits
A third of Canadians surveyed say interest rate increase could push them towards bankruptcy

Published at Mon, 22 Apr 2019 16:53:25 +0000