The single biggest impediment to any organization deciding to embrace managed security services is often the pride of the internal IT organization. Many IT professionals view having to rely on external help as a sign of weakness. That can be doubly problematic if there are dedicated cybersecurity resources within the internal IT organization.
At the same time, however, the amount of effort required to secure IT environments is starting to add up. A new global survey of 1,600 full-time IT professionals who are security decision-makers or security influencers within their organization finds the rise in sophisticated malware, lack of talent, and budget constraints are all increasing cybersecurity fatigue within IT organizations. The survey, which was conducted by Trustwave, a provider of managed security services, finds that more than half of respondents (54 percent) experienced more cybersecurity pressures in 2017 than in the previous year.
Sources of cybersecurity stress
The source of that cybersecurity stress can be primarily attributed to increases in both the volume and sophistication of attacks. Preventing malware infestations (22 percent), identifying vulnerabilities (17 percent), and phishing attacks (13 percent) are all significant contributors to higher levels of stress.
But the source of the stress within those organizations is changing. C-level executives, board members, and business owners are cited as the primary source of stress by 39 percent of total respondents. This is down, however, from 46 percent in 2017 and 69 percent two years ago. Pressure coming from direct managers has jumped eight points since 2016, though, accounting for 27 percent of total respondents. It appears that responsibility for maintaining cybersecurity is being pushed deeper into organizations.
Interestingly, the survey also notes a decrease in pressure to roll out IT projects without a proper cybersecurity review. A full 42 percent of IT security professionals felt less pressure to roll out projects before security concerns were addressed. That means 58 percent still do feel some pressure in that regard, but it appears some progress is being made in terms of securing applications before they get deployed in a production environment.
Looking for outside help
A third of respondents (33 percent) say they already partner with a managed security services provider (MSSP). Another 45 percent say they plan to in the future, which suggests more IT professionals are coming to terms with the fact they need help. The top three reasons for partnering with an MSSP include: compensating for in-house skill shortages (31 percent); adopting, deploying, and operating hard-to-use security technologies (30 percent); and assisting with security automation (28 percent).
Despite all this mounting pressure, the survey also makes it clear that internal IT teams still have plenty of fight left in them. More than half the respondents (54 percent) say they are more confident in their ability to secure their organization than they were five years ago. Only 15 percent are less confident.
The degree to which that confidence can be attributed to the fact that they rely on help from an MSSP is unknown. But chances are high that many internal IT teams still are not willing to cede control and budget dollars to an external service provider when they still feel, rightly or wrongly, that they can do the job.
The issue for MSSPs then becomes determining how much resistance there might be inside an IT organization to working with external service providers and, if it’s high, how to get around it. The survey results suggest that direct managers within the line of business should be a key area of focus. After all, in the event of a cybersecurity breach, it’s those line-of-business managers who have the most at risk.