Current Filter: Network>>>>>Opinion>

   

Many business leaders are often concerned that, due to the size of their company, they are ill-equipped both in terms of IT infrastructure and finances to safeguard their business assets against security breaches using in-house resources. This has led to a common misconception that outsourcing IT security is the most cost effective way to manage it. But with poor outsourcing decisions responsible for 63 per cent of data security breaches, it's a decision itself that can have huge financial consequences.

Hacks are becoming increasingly sophisticated and the consequences of being hacked have become much more severe: something Sony and others can certainly attest to. The corporation has suffered three high-profile security breaches in just a few years. In 2011 its PlayStation Network was hacked and personal details from 77 million accounts were leaked, and more recently, Sony Pictures saw internal emails, information about executive salaries, unreleased films and other information leaked, and this is suspected to have cost millions. Clearly, Sony is not alone. In fact in 2014, the annualised average cost of a cyber-attack is believed to have reached $12.7million. This is a figure that will dramatically impact both the bottom line and the share price of any business.

Even in today's technologically advanced world organisations can't guarantee that they'll remain breach free, and there is a real need for companies to start treating IT security as an integral part of the business. It can no longer be treated as something that can just be outsourced and ticked off the balance sheet.

By centralising and managing IT security resources from an in-house Security Operations Centre (SOC), businesses can ensure the continued prevention of cyber-attacks, while still maintaining ownership of their sensitive information and remaining in control of their own security. If a business does suffer an unpreventable breach of security, then the infrastructure is in place to detect the attack and most importantly, to respond to it, thereby minimising damage and reducing recovery time.

However, in my experience, despite having realised the long-term strategic benefits of building a SOC, many businesses are generally uninformed when it comes to which hires they actually need to make. The biggest concern for any business looking to establish an in-house SOC is deciding if it should be integrated with the existing IT team and also determining what security-specific hires are required.

Start at the top. Hiring the right executive security leadership is critical to ensuring the protection of any organisations critical assets without hindering productivity. That means employing a Chief Information Security Officer (CISO) responsible for implementing a successful cyber strategy. A CISO is more of a strategic role than technical; they are responsible for pushing security to the top of the board's agenda, ensuring IT security can help a business achieve its objectives.

Once the CISO is in place, it then becomes their responsibility to oversee the implementation of the SOC, part of which means hiring a dedicated team of security professionals for the design and build phase, as well as a team of analysts to manage the day-to-day operations.

Establishing a SOC can be a resource-intensive, time consuming process, as well as a large up-front expense for a company. It is almost impossible to quantify ROI and it's not a bulletproof solution; it doesn't guarantee that your business will be immune to cyber-attacks. But, it is a strategic decision that will enable a company that understands the real risks posed by data breaches to save money, maintain its reputation, and help it to achieve its wider business objectives by keeping its data as safe as it can be.