While there is certainly no shortage of cyber threats, there is a cyber skills shortage that is affecting most organizations.
In fact, 46% of organizations have reported a “problematic shortage” of cybersecurity skills, and this issue has been the #1 area of concern for six years in a row.
This issue presents a threat that can be addressed by leveraging outsourcing to supplement the skills of your internal IT staff. The case study below is an actual example with some details changed to obscure the identity of our client.
Foresite Case Study
A multi-state provider of property and casualty insurance products faced the common challenge of growing cyber threats and compliance requirements without the funding to add to their internal staff. Foresite’s Advisory services allowed the company to have access to our PCI Qualified Security Assessor (QSA) team, first on a project basis to help them review the controls and confirm the SAQ document, then on an “as needed” ongoing basis as new questions arise.
This quickly led to the question “What else can Foresite help us with?”, and the next need was to address their concerns around Incident Response. While they had an existing IR plan, the document had not been updated in some time, and no tabletop exercises had ever been performed to confirm that it included all the information necessary to be useful in the event of a cyber incident.
Foresite’s consulting team found that updates were needed to align the IR plan with the current technical controls and procedures. We also noted that logs that would be needed in the event of an emergency were not being archived, and that led to another need – log monitoring and alerting.
Although the company had basic log monitoring and alerting in place to meet PCI compliance, the solution did not include one of the most important components – Incident Response support. The existing contract did not include monitoring for all of the key devices that could indicate a compromise, and it provided neither immediate access to log data for incident response nor a trained incident response team to which the internal IT team could escalate issues that they couldn’t resolve. With our ProVision solution, we could also co-manage their firewalls as part of our service, which addressed their management team’s concern about what would happen if their one Palo Alto-trained team member was unavailable.
By outsourcing to supplement the skills their internal team was lacking, this client was able to effectively and affordably meet their cyber security needs and address their compliance requirements.
Download the full case study PDF: Foresite Case study-Outsourcing for compliance – Insurance sector