In 2022, IT security managers have faced cyber threats caused not only by external cyber criminals trying to penetrate the company’s systems, but also by employees violating IT security policies. Unsurprisingly, 59% of large organizations faced some form of sabotage or industrial espionage incidents. This is just a glimpse of the myriad security incidents that have kept external experts on their toes last year. However, when it comes to selecting the right MSP or MSSP, there are a few factors to consider.
Three usage scenarios
Some 65% of SMBs and corporations said the most common reason to transfer certain IT security responsibilities to MSPs/MSSPs in 2022 was the efficiency external specialists can provide. However, MSPs/MSSPs come with risks and still need to be controlled by in-house experts. The following usage scenarios can serve as a rule of thumb to help organizations gauge when to outsource and when to build in-house capabilities:
- Establishing a specific function quickly
- Building a security function from scratch
- Supporting extensive growth
The best of both worlds
In some cases, a hybrid approach, in which the organization builds some services in-house and outsources others, may be the best option. There are two main variations of the hybrid approach: the first one is to build core functions (like Security Monitoring, Incident Response, etc.) internally and outsource everything that is not suited to build in-house. The second variant is to develop the expertise of incident responders, who know the environment and are best able to respond to advanced attacks. Both of these variants allow an organization to build core functions and not waste time and resources on functions that require narrow skills and tools.
If you’d like to learn more, you can read the full report here.