5 Cybersecurity Gaps That Spell Opportunity In 2016
By George Hulme
Organizations everywhere are under unprecedented pressure to secure their systems from attacks and data breaches. They face increasingly skilled and motivated adversaries, risks from insiders and ever-more-stringent government and industry regulatory mandates. But that’s not news to anyone. What is news is the explosive growth of managed security service revenue — it totaled $15.8 billion worldwide in 2014, says Infonetics, and I see no signs of a slowdown. In fact, a lack of adequate cybersecurity resources is a running narrative of my interviews with CSOs, CIOs and security experts.
For security services and solution providers to capitalize, however, you need to understand where customers find themselves today, and have an inkling of what new horrors attackers will unleash next. They need to know which security services will fill current and future gaps, how to help customers get the most out of their existing products and understand the cybersecurity investments and vendor partnerships that will pay off in the months and years ahead.
Research can help. According to the Ponemon Institute’s 2015 Global Megatrends in Cybersecurity, sponsored by Raytheon, a number of big trends are threatening enterprises’ ability to secure their systems. These include the difficulty in hiring and keeping security experts on staff, tight cybersecurity funding relative to need, and the inability to distill actionable security intelligence from information sources. Likewise, the 2015 U.S. State of Cybercrime Survey, cosponsored by PwC, CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the United States Secret Service, reports that the current priorities in cybersecurity spending include new technologies, at 47 percent; audits and assessments, 40 percent; new skills and capabilities, 33 percent; redesigning cybersecurity strategy, 24 percent; and a redesign of cybersecurity processes, at 15 percent. Some of those represent highly profitable, and repeatable, services.
Here are five strategic cybersecurity gaps that your customers face — and that represent market opportunities.
Strategic Gap 1: Staffing shortages and skills gaps
This is a major and endemic problem. For example, when Ponemon respondents were asked about on-staff cybersecurity expertise – those people capable of deploying and managing new security technologies – only 26 percent said that they have such skills in-house. Not encouraging. One of the most important benefits that solution providers deliver is a quick path to extending the talent customers need for cyber efforts. The more enterprises can offload security monitoring, threat-intelligence services and such tasks, the more their internal people can focus on helping executives deal with business priorities, such as architecting new security solutions, optimizing current investments and securing new business initiatives.
Strategic Gap 2: Actionable threat intelligence
No matter how good their threat intelligence feeds, or how well they share and collaborate threat information, individual organizations will never have as good a view of the threat landscape, or understand specific attack mitigations as well as solution providers who are servicing many enterprises, most likely across multiple verticals. When new threats occur in another industry, another business, another time zone, or even another country, your team is often among the first to see these incidents and in close touch with vendors developing defenses and remedies.
Strategic Gap 3: Inability to focus on basics
MSSPs and solution providers also are well positioned to deliver security services that are both more mature and ideal for remote oversight, such as management of firewalls, distributed denial-of-service attack mitigation, intrusion detection/prevention monitoring services, content filtering and others. As mentioned, Infonetics estimates that managed security service revenue totaled $15.8 billion worldwide in 2014, and that rose 10 percent from 2013. Cloud-based offerings made up 46 percent of security service revenue in 2014, with customer on-premises-based services contributing 54 percent. By 2018, Infonetics expects cloud-security services to surpass customer on-premises-based security services. If you don’t facilitate that, a competitor or direct-sales vendor will.
Strategic Gap 4: Embracing new technologies
Enterprise risk changes from year to year, and customers need strategic vision to understand those risks and decide how much they should invest in protecting against them.
For instance, security risks shift as a company extends itself into new lines of business, enters into a new geography, increases its use of mobile tech, extends its IT out to the IoT and expands the use of cloud to more critical data and business processes. When engaging in such initiatives, enterprises need to understand the new data security, data privacy and regulatory implications. Likewise, CSOs and security managers need to know how to implement security controls to meet that level of risk acceptance.
In the months and years ahead, demand for these types of risk assessments is going to accelerate, and meeting that need will be a major opportunity for partners. Without such services, customers will be held back from investing more in mobile and wearable technologies and apps, hybrid cloud architectures, the Internet of Things and in doing business in more places around the world.
Strategic Gap 5: Lack of existing security integration
Customers have invested significant time and money in security programs and equipment to reduce risk. But many still need guidance managing, integrating and optimizing their efforts. Tasks such as integrating security information and event management systems with intrusion detection/prevention and vulnerability management systems are often beyond the skills of in-house staff; partners with ties to these vendors have a services opportunity here. And, as more enterprises embrace continuous integration and deployment pipelines, they are going to need help integrating application security testing throughout those processes.
When considering how many ways there are to assist enterprises in their data security efforts, it should come as no surprise that the cybersecurity market is estimated to expand at a rate of 9.8 percent, to $170 billion by 2020, according to a report from Markets and Markets. Will you be in on that growth?
George W. Hulme is an internationally recognized security and business technology writer. For more than 20 years Hulme has written about business, technology and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness and dozens of other technology publications.
