IT security specialists are rare. How can companies prevent this shortage from endangering their security? The answer can be found in a general trend in IT.
Text: Andreas Heer, Images: iStock by Getty Images, first published on october 15, 2018, updated on January 19, 2021. 4 min
There is a double gap in IT security: On the one hand, new forms of attack are constantly cropping up. On the other, there are not enough security experts. The good news is that companies are not helpless in the face of this situation. Managed security services (MSS) enable companies to outsource parts of their IT security to specialised providers, thus bridging the shortage of skilled workers or overcoming it sustainably.
A quick look back suffices to explain why the demands on IT security are increasing: the EU’s General Data Protection Regulation (GDPR) came into force in May 2018. This also affects Swiss companies that work with EU citizens in EU countries. Shortly thereafter, cryptojacking targeted the web browsers of unsuspecting users. Here, cybercriminals use the computing power of a website visitor to mine cryptocurrencies. Phishing and malware-infected e-mails are more or less perennial favourites. What’s more, attacks often target specific individuals or companies.
At the same time, digitisation is increasing infrastructure complexity: What data is stored in which cloud and what should remain on local infrastructure? And what additional security measures does such a hybrid infrastructure require?
Solutions to the shortage of skilled labour are needed for a variety of reasons. Company executives are now acutely aware of the importance of IT security. After all, digitisation and the use of new technologies are also creating new avenues for attack. At the same time, cybercrime is becoming more professional. This is leading to an increase in attacks because only successful attacks pay off. These trends are also being reflected in company budgets: currently, about one-eighth of all ICT spending is on security. According to the ICT security study, this expenditure has increased by about five percent compared to last year.
The most important IT security issue from a business point of view is the protection of corporate data. For IT departments with a more technical perspective, the focus is on protecting the ICT infrastructure and networks.
Companies are increasingly turning to managed security services to compensate for missing know-how. The core of this lies in protecting against attacks using firewalls, intrusion detection/prevention and web and e-mail security. Threat detection and response services, including security operations centre (SOCaaS) services, are likewise in increasing demand. There are also business-related services such as data leakage prevention systems, user authentication and digital signature solutions.
Although MSS enables many core areas of IT security to be outsourced and missing specialists to be compensated for, companies need to rethink if they are to switch from operating a technology operation to using a service. They must define which processes and safety measures can be outsourced and who is responsible for what. In any case, a company needs the know-how to define its own security guidelines and use these to manage the relationship with its security provider.