If you haven’t read, there is a huge cybersecurity problem facing the world’s organizations. It’s not just the attacks themselves but the fines. We’ve told you about Marriott being fined $123M and British Airways $229 – on top of associated costs of the hack, legal bills, etc.
The total cost of breaches has been reported to be over $1.6T over ten years and quite often it’s the small companies that are most at risk – hoping they are too “under the radar” to be a victim.
Sadly, there is no such thing as under the radar when hackers quite often use mass propagation to infect corporations. Mass emails to lists found on the dark web is one way to infect a great number of people in a short amount of time.
Of course, sending the emails doesn’t cause the infection – it is just that the law of averages says people will click on malware-laden messages in social media and email at a steady rate and when sent enough of them, clicks follow.
Perhaps the worse news for all of us is the state of the cybersecurity industry in terms of the people working in it. they are in a high-stress environment playing whack-a-mole with nation-states, script kiddies and everything in-between.
In fact 65% of stressed out cybersecurity and IT workers and thinking about quitting according to a CNBC article from Stephen Boyer, BitSight CTO.
And turnover can be a killer – especially when we are dealing with an organization that is best akin to a leaky ship. What do we mean by this? Organizations have holes – all of them do. Take a company with 1,000 PCs that tries to keep at least 85% of its computers patched. At any point, up to 150 computers could be at risk of exploits – similar to BlueKeep.
When there is turnover, there are greater chances for errors.. Things like patching can be delayed as a result.
In addition, it could take time to rehire – when there are about 3M open positions in a segment of the market, it obviously can take a while to fill vacancies.
All the while, managed security services have been growing rapidly - $21 billion in 2018 to $35.6 billion in 2023, growing at a 11.1% compound annual growth rate.
They allow these cybersecurity workers to have a career path – in many instances, it allows them to share the job stress with a greater number of workers. It also allows them to work with various customers, making personality conflicts and politics, less of an issue.
Of course, there are instances when an in-house position can seem like a cushy job compared working in an MSP or MSSP but quite often, talented, ambitious workers enjoy the consulting role more than working directly for a company.
This is the challenge facing today’s organizations… Do they go it alone or work with one or more IT service providers/MSPs/MSSPs? The latter option means less stress on the internal team and is virtually always the safer alternative.
There are a few reasons why it is safer – MSPs and MSSPs are exposed to far more threats than typical in-house teams. They see the best and worse in tech and hacks. They know what services and hardware works well in various situations. They know what to look out for and learn best practices from some of their best customers who really are on top of their cybersecurity posture.
For example, our MSP, Apex Technology Services has a Fortune 200 customer as well as numerous financial and medical customers meaning our team is exposed to compliance from various agencies. FINRA, NIST, PCI, HIPAA as well as best practices from the FCC and FBI.
Techs working in such an environment are far more prepared than a local IT resource why has stayed in one company for a long period of time. There are exceptions of course – if such a worker studies cybersecurity as part of their career or does so after-hours, they could add a lot of value to their skill set. Still though, there is no substitute for experience.
The bottom line is internal efforts are competing with external when it comes to cybersecurity. Turnover is inevitable but when it happens – service providers typically have numerous procedures in place to allow rapid knowledge transfer between techs. In fact, a good provider will rotate techs to ensure turnover, vacations and sick days do not hurt customer operations or productivity.
Even if your organization is happy with your internal IT and cyber resources, researching and working with a solid MSP or MSSP is smart – even on a limited basis. When turnover does happen, these managed service providers can ensure the business is still safe and secure and operating smoothly.