A report from Gartner, covered this week on DarkReading, found that nearly one out of three companies don’t have on-staff cybersecurity expertise. Gartner research director Rob McMillan and principal research analyst Sam Olyaei compiled the 2018 CIO Agenda Survey from over 3,000 respondents, the article said. And while more organizations have cybersecurity staff than in previous years, one third are still lacking a dedicated resource.
By now, you’ve likely heard that the next wireless security protocol has been announced by the Wi-Fi Alliance. WPA3 builds on previous Wi-Fi Protected Access standards and is designed to address issues with encryption in the previous standard (such as the KRACK exploit on WPA2 revealed late last year). The new standard will utilize 192-bit encryption and Opportunistic Wireless Encryption (OWE), which will ensure communications between router and device each use their own encryption keys, rather than sharing data. There are also new protections against dictionary attacks. The standard is not likely to be broadly adopted until 2019 and may require new hardware if updated firmware is not issued for existing devices.
The Federal Financial Institutions Examination Council (FFIEC) provides cybersecurity standards and auditing for financial institutions and regulatory bodies including the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).
When resources are unlimited, you can afford wasteful spending. But for most organizations with limited IT budgets and too few staff, it’s important to invest your security spend wisely. This means finding ways to stretch your dollar further and get better value out of your investments. You can’t afford to waste money on solutions that are never deployed or that require staff you don’t have to manage them.
I’ve spent the past few years calling CIOs, IT Managers, and Security Engineers to discuss where their security program is today and what they would like it transformed into. Even though you probably dread the sight of an unknown number, my favorite part of my position is being a facilitator of conversation as well as understanding the focus of all parties involved. What I’ve come to realize is the disconnect that often exists within the security team, and that individual goals differ from position to position.
As Solutions Engineers, we have the privilege of listening to mid-sized and large organizations that are struggling to keep up with the ever-changing cyber security landscape. This blog post will provide insight and hopefully educate those with one or more of the following signs that Security as a Service was needed yesterday.
Let’s pause though. What is Security as a Service? This is a software-as-a-service security program that comprehensively identifies threats, helps mitigate risk, and helps meet compliance. Generally, this is comprised of a balance between People, Process, and Technology.
Is your team overwhelmed and under-resourced? Extend your team and gain a 24x7 SOC without hiring for a single new position. Given the shortage of security talent in the market today, it can be extremely difficult to hire and retain qualified staff even if you have the resources. For those who don’t, it can be nearly impossible.
Have you been thinking about using Security as a Service to supplement your team? If any of the statements below apply to your company, it’s time to stop thinking about it and start a new approach that incorporates Security as a Service into your operations.
Information security is becoming a competitive advantage in many industries, with companies that can be trusted with financial data and personal information becoming better able to attract and retain customers and partners. Security as a service allows resource-constrained organizations to keep a level playing field with larger enterprises. Instead of a large upfront fixed cost for software such as SIEM, personnel hiring and professional integration services, security as a service spreads those costs over the subscription period. This model can provide more flexibility when budgeting IT expenditures. The scarcity of trained security professionals makes hiring trained staff in-house difficult. With security as a service, you can often receive around-the-clock security coverage for less than the cost of staffing one shift in-house.