A recent article by Dave Cartwright in The Register discussed the pros and cons for businesses, particularly SMEs, of out-sourcing or in-sourcing their IT security. Cartwright cites a survey which claimed that SMEs are increasing their security spending by around 25% each year, yet half had only a couple of IT security staff and many did not ‘feel confident that they could prevent a network intrusion.’
So is the solution to hire more security staff? Unfortunately, this is not an option for many SMEs—‘security professionals are expensive because they’re in short supply’, writes Cartwright, with the average salary for a Chief Information Security Officer (CISO) hovering around £85,500. So, does that mean you should buy in your security from an outside firm—‘CISO-as-a-Service’—to save costs?
Perhaps not. The daily cost of a security specialist ‘is way higher when outsourced than when in-sourced’. Can you get away with having a mail-order CISO, say, two days out of the week? Maybe, if you’re lucky, but remember that cybercriminals are unlikely to play by your schedule. In addition, ‘handing over the reins for your security’ can come back to bite you, as clients of HackingTeam found when it was breached in 2015. Not only that, but out-sourcing requires you to properly assess your potential partner’s level of security, which can take a lot of time—the Standardized Information Gathering (SIG) questionnaire, for example, contains over 1,500 questions.
Ultimately, whether you in-source or out-source your security, or some hybrid of the two, you will need a range of tools and services to ensure you make a success of it. Luckily, Xyone Cyber Security have something for every occasion.
If you’re keeping your security in-house, Educate provides vital security training for employees at all levels of your business, from the factory floor up to board-level. Cartwright also mentions the government’s Cyber Essentials certification scheme, saying that ‘the five simple actions it demands (changing default passwords, keeping stuff patched and so on) are well within the remit and capability of most’. Xyone are a Certifying Body for both the basic and the Plus-level certifications, or can offer consultancy on achieving them through somebody else.
We have you covered for managed services, too. Rather than juggling your own information security policies, tracking employee signatures and version changes, Mitigate does it all for you automatically whilst also providing threat alerts, real-time risk tracking and employee training certified by the UK’s Government Communications Headquarters (GCHQ). Manage risk, build resilience, reduce costs and save time with Mitigate.
Finally, our Penetrate range of penetration testing services—everything from Web apps to social engineering—lets you test how well your organisational defences will protect you from a determined attacker, and is a vital part of a robust security solution. Our Safeguard automated vulnerability scanning is the perfect complement to regular penetration testing to ensure year-round security.
So, whatever your plans, whether in-sourcing, out-sourcing or both, get in touch at 0333 323 3981 or firstname.lastname@example.org today to find out how Xyone can best help you.