Magazine Button
In-house vs. managed services: Finding the right cybersecurity mix

In-house vs. managed services: Finding the right cybersecurity mix

CybersecurityIndustry ExpertTop Stories

In today’s rapidly evolving threat landscape, SMBs are making investments to bolster their cyberdefences. But this complex environment can be challenging to manage. Rob Harrison, SVP Products and Services, Sophos, talks us through the benefits of working with an expert managed services provider versus relying on an in-house team with multiple priorities to juggle.

Rob Harrison, SVP Products and Services, Sophos

Last year, two-thirds of organisations were hit by ransomware alone and, with the average cost of remediation sitting at an eye-watering US$1.4 million, the potential damage is too large for organisations to ignore.

However, it looks like this alarming reality is beginning to sink in. To counteract these dark forces, there has been a notable shift in attitudes and actions within the business world. Small to medium-sized businesses (SMBs), which are often viewed as vulnerable targets, are beginning to take arms and bolster their cybersecurity defences. Some analysts are even indicating an increase in investment in cybersecurity, with SMBs expecting to increase their spending on security from US$3.2bn in 2022 to US$4.3bn in 2026.

While increasing investment in cybersecurity is a step in the right direction, knowing where and how to spend it is a different story and for many small businesses, making informed decisions about where and how to invest resources into cybersecurity remains challenging.

The debate for SMBs is centred around a crucial decision: whether to enlist the expertise of a managed detection and response (MDR) provider or establish and implement an in-house security operations team. Embracing the reality that there is no one-size-fits-all approach, businesses need to be well-equipped to make informed decisions to navigate the ever-changing threat landscape effectively.

Cybersecurity costs and considerations

When trying to decide between an in-house or a managed service provider, organisations must consider the costs associated and tailor a solution that aligns with the needs of the business and its budget. While investing in an external team might seem like a costly expense, the true cost of recruiting, onboarding, training and retaining in-house talent can be much more.

For example, recruiting skilled cybersecurity professionals involves a vast amount of investment in terms of advertising, interviewing, training and onboarding new employees. Finding talent within cybersecurity has become increasingly difficult too, particularly with the shortage of in-house cybersecurity skills being the third biggest cyber-risk concern for IT professionals.

When considering the time to return on investment (ROI), security-as-a-service (SECaaS) offers a much more efficient route to keeping an organisation’s networks and assets secure. In-house security teams often take a considerable amount of time to become fully functioning and operational, whereas an MDR vendor can immediately execute their cybersecurity solutions, protecting organisations against threats from day one.

Enlisting an MDR service can also offer streamlined and catered solutions. Cybersecurity vendors consist of large teams of experienced security experts, who are already equipped with the skills and expertise needed to keep organisations safe.

While the initial investment in SECaaS may seem significant for all but the largest of organisations, they must audit their current security operation and weigh it against the comprehensive costs and time associated with establishing and maintaining an in-house team. By understanding the costs and resources associated, businesses will be better equipped to make informed decisions to find the right mix that aligns with their needs and resources.

Balancing internal control and external expertise

In today’s fast-paced and ever-evolving threat landscape, there is no correct solution when it comes to cybersecurity. A balancing act is required, where organisations can stay in control of their solutions, while also possessing the necessary immediate knowledge needed. Organisations must ensure their teams are capable of setting up and implementing security solutions and are taking the necessary precautions to prevent and neutralise threats.

However, to do this, you need the right tools and expertise, making it an operation that needs around-the-clock attention, 365 days of the year – something that is proving overwhelming for the majority of in-house security teams, particularly since 93% of organisations find the execution of essential security operations tasks challenging. Twenty-four-seven monitoring for threats is proving impractical and unrealistic for in-house teams to deal with alone.

Balancing the need for internal control, with the practical limitations of internal resources is 

where MDR comes into play. Through working with a security vendor, organisations can enhance their in-house capabilities, ensuring a robust security strategy without exhausting internal resources. Investigating alerts independently takes longer, which, in turn, reduces the capacity of the team and increases risk exposure. With malicious actors located anywhere around the world, an attack can come at any time, with 81% of ransomware payloads being deployed outside of traditional business hours. MDR services can provide considerable reassurance and peace of mind, through providing 24/7 cyber protection. This collaborative approach allows businesses to benefit from immediate responses to threats.

Future proofing with flexible solutions

As businesses and cybercriminals continue to evolve, so do an organisation’s cybersecurity requirements. With technology rapidly advancing, organisations must ensure they consider adopting a strategy that not only meets their current needs but also future proofs the organisation’s security in the long run. Organisations must anticipate change, whether through their employees, budgets, security solutions, or even the cyberthreat landscape. 

Adopting a hybrid approach is an effective solution, particularly for SMBs, who often have more constraints. Through combining the benefits of MDR, in-house teams can achieve a balance that empowers businesses to scale their cybersecurity efforts up or down, based on their individual needs and requirements, as well as allowing businesses to quickly adapt to evolving threats without being weighed down by rigid security operations.

For instance, utilising a managed service such as Sophos’ MDR can enhance the flexibility of a business’ security operation. Sophos MDR is designed to collaborate seamlessly with third-party telemetry. This maximises the benefits of a business’ existing investment, tools and infrastructure, while improving its overall security posture. Businesses can integrate new tools and technologies as needed, without the need to disrupt their entire security infrastructure.

This flexibility has become essential in today’s landscape, where the demands of security teams are constantly changing. Through incorporating a flexible hybrid model, organisations can effectively navigate the complexities of maintaining proficient security operations, ensuring robust protection while optimising their resources and investments.

Achieving a robust security solution

The reality of today’s rapidly evolving threat landscape demands an approach that is not only comprehensive for today’s threats but can adapt to tomorrow’s challenges. It has never been more critical for businesses to invest in solutions and partnerships that offer scalability, third-party integration and proactive threat intelligence. By acknowledging the requirements and needs of an organisation and factoring in essential elements, businesses can tailor their cybersecurity strategy for the best possible outcomes.

Click below to share this article

Browse our latest issue


View Magazine Archive