Why outsourcing cybersecurity is rising in the Adriatic region – Help Net Security
Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!
In this Help Net Security interview, Aleksandar Stančin, Board Member Adriatics, Exclusive Networks, discusses the state of cybersecurity in the Adriatic region. He talks about how local markets often lag behind EU regulations, despite facing threats comparable to those in other parts of Europe. While adoption may be slower, progress is underway to strengthen cybersecurity across industries.
Traditionally, our local markets are lagging behind global trends and security concepts, especially those outside of the EU regulation zone (e.g. NIS2, CRA, GDPR, etc). However, threat and risk-wise, we are of course fully in sync with the other markets and interesting for the attackers, so to speak. Key challenge is that organizations still approach the security issues on a post mortem basis meaning once the incidents occurs steps are made to avoid such occurrences in the future.
We do see a shift to a more systematic approach tied with governmental and banking sector, but the SMEs are still struggling due to lack of skills, budgets and associated understanding of the risks at hand. A good trend that is clearly visible is companies and organizations working more on resilience and investing into awareness about security risks and threats.
Two things are most common: help us understand legal regulatory obligations where applicable (EU countries) and how to achieve best possible protection with a limited budget. The challenge at hand is as everywhere, lack of skills and know how related to ICT security and related topics. The more systems and regulatory requirements grow so does the complexity.
If we understand that majority of the local economies (excluding governmental spending) revolves around sub 250 employee companies, you can clearly see the main challenge – small and thus unspecialised IT teams dealing with business needs first, all else follows later on, security included.
What we do notice in the past several years is the trend to outsource security concerns to MSSPs and managed SOCs which are on the rise in the region and this is a good thing to improve the security posture. Outsourcing is helping companies to offset lack of knowledge and skills. At the end of the day, you do not need to know how to wire your house for electricity, but you still have it and it works when you flip the switch. Same applies to security and risks associated, involve the experts and focus on your core business.
More and more the topic of automation and orchestration is being asked, alongside with AI assistance with integration and interpreting the reports and logs. The challenge is to obtain (or retain) 360 degrees of visibility across all systems, no matter what or where they are so a systematic approach and asset management is key for success.
So called single pane of glass or a security platform is in high demand to help aggregate data across on prem and cloud systems and act upon it. Hence the rising interest and proliferation of MSSPs and MSOC providers as single organizations cannot cope adequately with all of these requirements.
One aspect that brings huge improvements and benefits in reducing the local attack surfaces is migrating to cloud and decommissioning legacy systems. However, this is a planned approach that does not happen overnight, so patience and project management skills are required, as well as budgets.
It is a challenge, especially with skilled talent often going to the highest bidder in a hindsight. In our case these are typically vendors and sometimes the ones we cooperate with, so it is kinda bitter sweet relationship on occasion. However there are mid grounds we can typically meet on providing there is a mutual interest (both intrinsic and extrinsic).
We also strive to find young talent, invest into education and training as well as sponsor development. We do have situations to have highly skilled staff returning after several years on the vendor side back to us. Companies that do invest in and nurture their talents typically also manage to retain them. There is no single answer, it is an ongoing effort.
The importance of the role is becoming more visible and better understood. Board conversations are still predominant task, to secure budget and understanding of the risks associated related to security but also business continuity and reputation on the market. Most SME organizations due to size and organizational restrictions are keen to outsource this role, similar to managing their security systems and posture.
Regulatory push is moving things forward and bringing security on everybody’s radar, thus also improving on the public-private partnership part as well. National regulatory institutions are interested in gathering and hearing opinions from the industry in an effort to meet requirements and not re-invent the proverbial wheel. Things may seem slow to the outside observer, but they are in motion.
source
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
In this Help Net Security interview, Aleksandar Stančin, Board Member Adriatics, Exclusive Networks, discusses the state of cybersecurity in the Adriatic region. He talks about how local markets often lag behind EU regulations, despite facing threats comparable to those in other parts of Europe. While adoption may be slower, progress is underway to strengthen cybersecurity across industries.
Traditionally, our local markets are lagging behind global trends and security concepts, especially those outside of the EU regulation zone (e.g. NIS2, CRA, GDPR, etc). However, threat and risk-wise, we are of course fully in sync with the other markets and interesting for the attackers, so to speak. Key challenge is that organizations still approach the security issues on a post mortem basis meaning once the incidents occurs steps are made to avoid such occurrences in the future.
We do see a shift to a more systematic approach tied with governmental and banking sector, but the SMEs are still struggling due to lack of skills, budgets and associated understanding of the risks at hand. A good trend that is clearly visible is companies and organizations working more on resilience and investing into awareness about security risks and threats.
Two things are most common: help us understand legal regulatory obligations where applicable (EU countries) and how to achieve best possible protection with a limited budget. The challenge at hand is as everywhere, lack of skills and know how related to ICT security and related topics. The more systems and regulatory requirements grow so does the complexity.
If we understand that majority of the local economies (excluding governmental spending) revolves around sub 250 employee companies, you can clearly see the main challenge – small and thus unspecialised IT teams dealing with business needs first, all else follows later on, security included.
What we do notice in the past several years is the trend to outsource security concerns to MSSPs and managed SOCs which are on the rise in the region and this is a good thing to improve the security posture. Outsourcing is helping companies to offset lack of knowledge and skills. At the end of the day, you do not need to know how to wire your house for electricity, but you still have it and it works when you flip the switch. Same applies to security and risks associated, involve the experts and focus on your core business.
More and more the topic of automation and orchestration is being asked, alongside with AI assistance with integration and interpreting the reports and logs. The challenge is to obtain (or retain) 360 degrees of visibility across all systems, no matter what or where they are so a systematic approach and asset management is key for success.
So called single pane of glass or a security platform is in high demand to help aggregate data across on prem and cloud systems and act upon it. Hence the rising interest and proliferation of MSSPs and MSOC providers as single organizations cannot cope adequately with all of these requirements.
One aspect that brings huge improvements and benefits in reducing the local attack surfaces is migrating to cloud and decommissioning legacy systems. However, this is a planned approach that does not happen overnight, so patience and project management skills are required, as well as budgets.
It is a challenge, especially with skilled talent often going to the highest bidder in a hindsight. In our case these are typically vendors and sometimes the ones we cooperate with, so it is kinda bitter sweet relationship on occasion. However there are mid grounds we can typically meet on providing there is a mutual interest (both intrinsic and extrinsic).
We also strive to find young talent, invest into education and training as well as sponsor development. We do have situations to have highly skilled staff returning after several years on the vendor side back to us. Companies that do invest in and nurture their talents typically also manage to retain them. There is no single answer, it is an ongoing effort.
The importance of the role is becoming more visible and better understood. Board conversations are still predominant task, to secure budget and understanding of the risks associated related to security but also business continuity and reputation on the market. Most SME organizations due to size and organizational restrictions are keen to outsource this role, similar to managing their security systems and posture.
Regulatory push is moving things forward and bringing security on everybody’s radar, thus also improving on the public-private partnership part as well. National regulatory institutions are interested in gathering and hearing opinions from the industry in an effort to meet requirements and not re-invent the proverbial wheel. Things may seem slow to the outside observer, but they are in motion.
source
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
