• At a recent Orange Cyberdefense analyst event, the company addressed (among other things) the familiar topic of the skills shortage in cybersecurity
• In doing so, it illustrated ways in which it might turn this fundamental market challenge into an advantage
The theme at Orange Cyberdefense’s recent analyst event was combining the best of both human and technology resources, so it was no surprise that the inescapable cybersecurity skills shortage was a featured topic alongside sessions dedicated to strategy, portfolio, and innovation. Without directly saying so, the managed security service provider (MSSP) is clearly trying to turn this global challenge into an advantage – at least in France, where it can claim market leadership with only about a 15% share due to a highly fragmented environment involving hundreds of solution providers.
With its strategy for retraining and recruitment well underway, Orange Cyberdefense has managed to increase the size of its team despite the people shortage and its associated side effect of high turnover among qualified employees. With 100 Orange employees upskilled and recruited by its own Cyberdefense Academy since 2017, plus the addition of 300 new external recruits in 2018, the group’s security business now has 1,300 “humans” on board. Continue reading “Orange Cyberdefense on Turning the Skills Shortage into an Advantage”→
Companies aren’t investing strategically in security because nobody really understands the full cost of cybercrime and it’s extremely difficult to measure risk accurately.
Getting investors to prod companies to take security more seriously could change that paradigm.
Here’s a thought: Why isn’t security considered a strategic investment? And could the thinking evolve over the next few years to come around to that conclusion? After all, we continually hear about how security has become a board level issue. And CISOs are getting more airtime with the board than ever before. I think there are two main stumbling blocks to getting there, and neither is easy to overcome.
First, it’s impossible to measure the true cost of cybercrime. Last month the Center for Strategic and International Studies released a report sponsored by Intel/McAfee that pegged the global cost of cybercrime at anywhere between $375 billion to $575 billion. Of that loss, $200 billion was attributed to the U.S., China, Japan and Germany. I personally think that those figures greatly under estimate the total economic losses that result from cybercrime because they don’t take into account all the factors that make up a loss, and because a lot of breaches in which intellectual property or other valuable data are stolen are never reported. Continue reading “How Much More Money Will be Lost Before Companies Begin Strategically Investing in Security?”→
Most mobile security services for the enterprise still focus on advisory and integration, stopping short of fully managed services.
This should change soon, as managed solutions increasingly hit the market, but managed mobile security will be baked into more comprehensive mobile device management (MDM) solutions rather than packaged as a standalone offering.
In yesterday’s IT Connection blog post on IT service providers and mobility, Kitty Weldon wrote about how 2013 has seen noticeable activity – rather than just talk – when it comes to key players delivering mobile-centric services to the enterprise. “ITSPs are gaining an increasing share of mobility-oriented enterprise business, especially in areas such as mobile strategy and mobile application development and enablement (which is to be expected), but also for mobile device management and mobile security.” The security piece is especially intriguing, as a number of professional and managed services focused on the intersection of MDM and security have been rolled out (or at least announced) in the last couple months, and the impression given by service providers is that they cannot get their solutions out fast enough to answer enterprise demand for external knowledge, advice and operational assistance in the wake of the flood of devices overrunning their IT landscapes. Continue reading “Mobile Security Solutions Moving from Threat Assessment to Managed Services”→