Opinions from the inside: Tim Anderson
Find out what e2e-assure CCO, Tim Anderson has to say about the findings from our recent report:
Were you surprised to see the mid-marketing faring worst? Unfortunately, it comes as no surprise to me that the mid-market is faring the worst when it comes to the quality of service and confidence in their cyber defences.
For many small businesses, well configured and efficient cyber hygiene can be sufficient in increasing their cyber posture, offering a proficient level of defence. But sadly, the same cannot be said for the mid-market. The increased intricacies of tech stacks and policies can begin to mirror the cyber defence and monitoring needs of enterprises, but with a fraction of the available cyber security budget.
As a result, many mid-market businesses are sold ‘out of the box’ cyber solutions. With the focus of service innovation and customer-centricity solely on the enterprise level clients. Consequently, the mid-market is commercially viewed as an easy win, minimal work with year-on-year contracts that offer favourable margins.
However, these ‘out of the box’ solutions do not always offer the best protection. The challenging aspect lies in the contract, not the service itself. This is a recurring pattern where customers subscribe to a service with the sincere belief that its development and future improvements will meet their expectations. However, it’s a common experience to hear that this isn’t always the reality, and customers either find the service falling short of their expectations or, in some cases, the promised development never materialises.
What are the biggest frustrations amongst CISO’s?
Our report unveiled that the biggest frustrations of the 500 CISOs and cyber security decision makers we surveyed are:
- Long rigid contracts
- The continual need to bolt on new services
- The lack of threat hunting capabilities
I think from a commercial perspective, we can all understand why Managed Service Security Providers (MSSP’s) prefer long and rigid contracts. However, I sympathise with CISOs and other cyber security professionals having to work with these inflexible contracts.
The cyber security industry is fast-paced and unforgiving. The relentless drum beat of cyber threat is exhausting, and most cyber professionals are longing for a trusted specialist they can lean on for their expertise.
Sadly, the report results show, customers are seeing limited value from their current providers with 59% reporting their provider as underperforming. Thus, it is understandable that only 23% of our respondents state they will keep their provisions fully outsourced. In fact, we see a significant shift towards hybrid solutions, with 61% stating they will be looking to continue leveraging a hybrid solution.
Why? Simply put, I think CISOs just want to be able to sleep at night. By bringing some or all their cyber provision in-house they can have much better visibility and control of their cyber posture.
Interestingly, our report shows that there is still a strong desire to outsource. In fact, most respondents recognise the limitations of their in-house security teams and are happy to relinquish more control to providers in return for quicker decisions (68%), faster response times (63%) and less reliance on in-house skills (61%).
What result did you find most surprising?
I think the result I found most shocking is how unconfident our respondents reported feeling in their providers current use of threat intelligence (45%).
In my opinion, this should be at the forefront of all cyber security professionals’ minds. At e2e-assure our core threat detection and response technique, attack disruption, strongly utilises on-going threat intelligence (TI). TI allows our team to optimise our tuning capabilities, reducing false positives and rapidly reducing our time to detect malicious activity.
This gives our customers an elevated level of confidence in their cyber capabilities, and we continue to regularly test and simulate their environment to ensure this confidence does not waiver.