As Cybercrimes Soar, It’s Time to Rethink DIY (or BIY) Network Security

Featured article by Tim Gallagher, Nuspire Networks

Cyber-attacks and fraud maneuvers continue to climb in frequency and sophistication as cybercriminals keep penetrating vulnerable targets. As a result, the annual global cost of cybercrime rises continually and approaches a conservative $400 billion a year. Every day, 1.5 people become victims, and each year, more than 232 million identities are exposed.[1]

No sector is safe. By 2017, the global cyber-security market is expected to climb to $120.1 million, nearly double the $63.7 million in 2011.[2]  Given such alarming statistics, why should IT leaders continue to use a do-it-yourself – or buy it yourself – approach to network security?

Sure, DIY or BIY might help cut costs and time. Many companies buy devices, apps or hardware to address their security needs. But they are only as good as the security practitioner managing it. And consider: Among organizations that could estimate the cost of a security breach, the average annual monetary loss was projected at $415,000.[3]

A managed network security approach offers distinct advantages in today’s climate of phishing and fraud. Here are five major reasons:

No. 1: Security takes no vacations.

It takes a managed network security service provider, or MSSP. That’s a team of skilled professionals that monitor security events for multiple clients and possess state-of-the-art technology. They must possess monitoring specialties. They must monitor an open systems interconnection 365 days a year on a global and regional level. A single security professional or even two would have difficulties grasping every element of network security and interpreting each security event to determine if it poses a threat to the network or daily operations.

No. 2: Security must be across the board.

MSSPs must be able to conduct real-time event monitoring, threat analysis and domain protection 24/7. They also can stop a threat occurring somewhere else globally from spreading.

No. 3: MSSPs must grasp every type of threat.

That laundry list of threats include viruses, malware, worms and trojans; thefts of data-bearing devices, SQL injection, phishing, web-based attacks, social engineering and a major one: criminal insiders. Monitoring security events must be done on every platform where threats can happen. MSSPs employ experts who master each different part of a network.

No. 4: MSSPs know threat detection and response.

In-house security professionals usually don’t possess a complete understanding of all elements of protection, so when they respond to a threat, it’s often for the first time.  MSSPs maintain extensive experience in threat detection and response from the profiles of the many corporations for which they work.

No. 5: With an MSSP, you can focus on your core business.  

Using an MSSP lets you focus on your core business, limits your cash outlay and allows you to adjust easily to growth. Focusing on your core business can prove especially important. You can spend more time with business units assisting with projects that could raise revenues – not require them to deal with a breach.

So, if you’re still in a quandary about DIY (or BIY) and managed network security, ask yourself a few questions.

1.    Are you well-equipped to keep up with minute-by-minute threats, and how experienced is your staff?

2.    How important is providing a high level of selective filtering of content?

3.    What percentage of your staff’s time will need to be dedicated to monitoring and maintenance?

4.    What will be the consequences if data is stolen?

And there’s one other critical element to ponder: How willing are you to risk your organization’s reputation?

Tim Gallagher, Senior Security Analysis Team Engineer, Nuspire Networks

Tim Gallagher is an information security leader with over 17 years of experience in high-technology businesses, security, research and design. Tim has helped the nation’s largest businesses analyze complex software, server, systems and network problems and generate solutions. He has also managed projects on behalf of the US Air Force and Department of Defense. Tim brings vast experience in areas including: security response, vulnerability management and mitigations, continuance of operations, and disaster recovery. During his professional career, Tim has been recognized for his innovative leadership, and his ability to implement technical advances to solve real world security problems.