Companies are generally cataloged as small, medium, or large. But size does not matter to a cybercriminal or an unethical competitor, who view companies as either soft and vulnerable, or hardened and difficult. Companies need to determine what level of "hardness" they need to achieve, and whether they want to build it themselves, partner with a managed security services entity, or a little of both.
"Sharing the blame - How companies are collaborating on data security breaches," a recent Asia-centric study conducted by The Economist Intelligence Unit, highlighted the need for collaborative security solutions and identified four key points regarding data security:
- Data breaches are alarmingly high. Only 35 percent of firms were confident they had not experienced a data breach in the past 12 months.
- Businesses regard data security as extremely important, as 76 percent said it was high priority, compared to the 8 percent who regarded it as low priority.
- Data security breaches are hurting companies financially. Almost 40 percent of firms have experienced significant economic loss as a result of data security breaches.
- Companies are better placed than government to deal with data security breaches. More than 80 percent of respondents said businesses should proactively take the lead.
Quietly addressing breaches and network intrusions plays directly into the hands of the perpetrators. "Keeping silent about an IT attack would be the norm for most companies—it's the traditional mindset," Charles Mok, who represents the IT sector in Hong Kong's legislative assembly, said in the report.
Instead, companies should look at IT as a preventative investment and work with other industry stakeholders to collectively respond to attacks. Sharing incident data, even among competitors, permits an immediate assessment of one's own infrastructure and answering the question, "What about us?"
Three Votes for Managed Security Services
Working with a managed security services partner would accelerate your company's movement into the "hardened and difficult" category:
- You gain situational awareness. Managed security services enhance your security profile and knowledge of both internal and external network threats. It is important to know what is happening within your network and to have access (albeit indirectly) to what is happening on others' networks.
- You need incident response. Your customers expect you ensure their interactions with you are secure, and they also expect you to protect their data. The managed security services partner brings a more mature incident response capability to the table, which should include machine-speed responses to security incidents.
- You invest in knowledge. The right partner knows things you don’t know and has experience in areas you lack. Anyone who has tried to recruit and hire experienced information security professionals is quite familiar with the acute shortage of qualified professionals. Your managed services partner has scale and focus on the topic of security, and that knowledge enhancement includes benefits from the service provider's relationships within the security industry as well as with their other customers.
While the Economist Intelligence Unit report highlights the Asian market's reluctance to share details surrounding network intrusions and data breaches with other companies, having a security partner puts you within reach of valuable knowledge. Those insights can have a direct positive effect on your ability to maintain your company's security infrastructure.