Annual research from the Information System Security Association and research firm ESG shows that the shortage of specialized cybersecurity personnel is growing. More than half of companies are already said to be suffering the consequences of this and are more often under attack from cyber threats. It should therefore come as no surprise that managed security services are on the rise. We consulted Fons Quidousse, Technical Cybersecurity & Network Consultant at Simac.
We notice not only a shortage of cybersecurity specialists, but also system engineers. These people, who implement and manage the IT infrastructure, are a scarce resource.
Is there really a skills crisis in the security departments of companies? Do you notice this in your customers?
Fons: There is, we notice everywhere how difficult it has become to have enough people in important cybersecurity positions. We see how long vacancies remain open everywhere, especially for senior positions. Juniors are easier to find than experienced professionals. You can select them mainly on attitude - you can teach them the specific technical knowledge.
We were at the Cybersecurity fair in Brussels with Simac three weeks ago. It was remarkable that companies were there not only to find new clients, but also to actively recruit, and recruit people from the competition.
In addition, we notice not only a shortage of cybersecurity specialists, but also system engineers. These people, who implement and manage the IT infrastructure, are a scarce resource.
What is this shortage of people due to?
Fons: I notice that many young people at school choose software rather than IT infrastructure and IT security. There has been a lot of communication about how software would eat the world, so this influences young people in their choice. We should not forget, though, that you also need infrastructure to facilitate everything and security to secure the data. The Center for Cybersecurity Belgium recently called for more security topics in STEM courses in education in its vision report. That should get more people excited about the sector. That will also be necessary, because the shortage is only increasing.
What are the dangers of a shortage of security personnel?
Fons: The first consequence is that alerts are not followed up anymore because there are no people to do that. Another effect is that the security infrastructure is not followed up. We call that 'set and forget': the security is set up, but not maintained. A false sense of security is, in my opinion, worse than the realization that you are not secure. We must not forget that both SMEs and large companies can become victims of attacks.
The benefits of managed services
Then, indeed, it seems better to engage an external party to avoid cyber incidents. What are the benefits of managed security services?
Fons: If you hire the right partner who takes care of everything correctly then, as a company, you can rest assured. You know that at any time there are people with a thorough knowledge of IT security management. They work 24/7 on nothing but security. It is therefore a logical consequence that they have a deeper level of knowledge in certain segments of security than the general IT administrator. A managed security services partner often employs many more cybersecurity people than in an average IT department. This allows you to specialize more. Threats have become much more complex, so you need more people with niche knowledge who can work together.
An additional advantage is that you pass on some of the responsibility. Of course, as a company you are still ultimately responsible, but you achieve a higher level of security maturity when you can work with people who are involved on a daily basis. They not only look at the here and now, but they can also indicate what investments should be made in the future to further improve IT security.
Threats have become much more complex, so you need more people with niche knowledge who can work together.
The managed security services of Simac
For which managed security services can companies turn to Simac?
Fons: We already have a whole laundry list of managed services and we are expanding our range of security services. First of all, we have the classic network services: updating infrastructure, monitoring it, reporting anomalies, resolving problems that may arise after a configuration change... We implement updates and upgrades. That way, we ensure that all patches are installed and companies always have the most recent versions. They can constantly rely, therefore, on the most robust infrastructure and prevent cyber attacks.
We have also partnered with Phished to conduct phishing simulations. In addition, we train end-users within an organization on security awareness. This allows us to provide more targeted advice.
We also work with Tenable for vulnerability management. Every three months we perform a scan within organizations to advise which renewals or updates are necessary. Sometimes this can be specifically about a check of the firewalls, or the policies that need an update, or web application scanning.
Aren't managed services often perceived as expensive? If all goes well, companies have paid for something they don't actually use.
Fons: I see it differently: if everything goes well, we have delivered a very good service. Then they have made a perfect investment and the IT security has done what it had to do. If something does come through, then it was indeed a bad investment. Another thing about the price of managed services: they have the advantage that you work with a fixed, predictable cost.
Selection of a managed security services provider
How do you recognize a good managed service provider? By a name that starts with S and ends in c?
Fons: I would look primarily at the portfolio of the service provider. What customers have already placed their trust in that company? A key element is also the number of certified people they have for the different vendors they resell. That also provides a quality guarantee because you know they have in-depth product knowledge and a good relationship with the vendors. I also think it is important to be able to look beyond security alone, because security is interwoven with all the IT in a company. Something else in which Simac distinguishes itself is that we constantly think along with the client and put ourselves in their place. That proactivity is greatly appreciated.
Managed security services are a way to solve the skills crisis. But how does Simac get the right people to offer those services?
Fons: We are an attractive company to work for. Simac is really an atypical IT service provider. We have a very flat structure where everyone is very approachable. I can just walk into the office of the CEO or the Director of Integration to present a new idea. If you're entrepreneurial, you definitely get responsibility to taking things further. Working closely with everyone is in our DNA. People who come here also know that they get a lot of training, which is important for anyone who wants to keep up. That gives you the chance to really specialize. That is good for you, but also for Simac and especially for the clients who we can unburden optimally this way.
Fons Quidousse is technical cybersecurity & network consultant at Simac ICT Belgium. He helps his colleagues and clients to find the best possible solutions for challenges concerning networks and security. Fons has been working at Simac since October 2020.Contact us now