Trustwave Blog

CISOs Are Already Awake at Night – But What Can You Do About It?

Scour the World Wide Web for articles on what keeps CISOs up at night, and you'll return a list so long, you could be up all night reading it.

It's one of the most frequently asked questions in business, and when it is posed to already-pressured security professionals, it comes across as, pardon the pun, a bit tired. Perhaps a more apt way to frame the question is: "What doesn't keep CISOs up at night?"

Indeed, from implacable threats to boardroom demands to skills shortages, it's no surprise the pangs of the overwrought infosec practitioner carry over from office to bedroom. The first step to recovery may very well be acceptance. You should feel no shame admitting your internal team is unable to handle all of the tasks and challenges on their plate.

Managed security services have become a popular alternative for resource-starved businesses, from those struggling to stay afloat in general to those deficient in certain specialized areas.

In fact, our recently released 2018 Security Pressures Report from Trustwave asked 1,600 global security decision-makers and influencers to choose why they do or would consider partnering with an MSSP (with the option to select as many reasons as they'd like).

Here's what they said:

1. To compensate for in-house skills shortages. (31%)

2. To adopt, deploy and operate hard-to-use security technologies. (30%)

3. To help with security automation. (28%)

4. To provide intelligence and extend security coverage against sophisticated threats. (27%)

5. To address complex security tasks, like vulnerability testing and incident response. (25%)

6. To handle routine tasks. (23%)

7. To stretch budgets. (21%)

8. To free up time to work on IT projects that got delayed by unresolved security issues. (16%)

9. To gain more visibility into the IT environment. (10%)

The ultimate goal for a business is to ensure it is adequately assessing and mitigating risk, implementing the right processes and controls to deal with existing issues, and properly planning for what is to come in an ever-evolving threat landscape.

Though rare, a fully mature, forward-thinking internal security team can get you there. So, too, can a well-rounded, 24x7 and intelligence-driven MSSP adept at protecting, detecting and responding.

Or a combination of the two.

If more restful nights come as a result, consider it icing on the cake.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.