Data Breach Prevention Concerns Raise Demand for Security Personnel

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.midsizeinsider.com/en-us/article/data-breach-prevention-concerns-raise-de#.VNP4553F-So


Data breach prevention concerns continue to be a priority for midsize
businesses. With any network-enabled device now a potential target for
cybercriminals, many IT professionals face hard choices: Bring in more
staff, or create restrictive access policies? With the number of available
IT security pros no longer meeting demand, managed service providers (MSPs)
have the chance to attract midsize interest and prove their worth.

Demand Up, Firms Still Vulnerable

2015 will likely be a banner year for IT security hiring, according to
BankInfoSecurity. As the article notes, staffing firm Dice saw a 69 percent
jump from January 2014 to January 2015 in the number of job postings for
cybersecurity or information security professionals. That unceasing demand
coupled with the development of new technology initiatives such as the
Internet of Things has led to a personnel shortfall: There are simply not
enough experts to meet demand. In response, some midsize companies choose
to spend whatever is necessary to hire new security staff, but this can be
a time-consuming and intensive process. Others opt for stricter access
controls in the hope that data breach prevention can be achieved through
employee education and intelligent network use. However, the widespread use
of third-party, open-source code and insecure, network-enabled devices
means that determined attackers may still find a way through. While
security demands are going up, defenses may be left without sufficient
staffing and in the face of advanced threats.

The MSP Security Vertical

MSPmentor lists several common threats to midsize businesses: bad security
basics, zero-day vulnerabilities and expert cybercriminals. Ninety percent
of data breaches that occurred in the first half of last year were
preventable, according to Online Trust Alliance information featured in the
article. Many of these breaches were devastating because companies failed
to adopt security basics such as strict internal controls. As for zero-day
vulnerabilities, malware research firm Kafeine discovered one in Flash that
lets attackers plant malware and take over computers.

With midsize companies struggling to handle multiple threat vectors and
without the requisite security personnel, MSPs have the opportunity to act
as the new security vertical. In addition to more common services such as
hosting, storage and disaster recovery, bundling in cutting-edge security
protection is a way to allow midsize businesses the ability to tap
professional protection without overspending or waiting for the ideal
candidate. This puts the burden of security compliance onto MSPs
themselves. This involves more of a slow build than a flashy fire sale —
focusing on the basics first and then expanding as needed to fill customer
demand.

Midsize companies are struggling with data breach prevention and the
scarcity of IT security talent. MSPs can solve both problems with the right
set of cybersecurity services and solutions.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!