SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Kaspersky report reveals growing demand on MSSPs for security functions
Wed, 8th Feb 2023
FYI, this story is more than a year old

The latest Kaspersky IT Security Economics Report revealed a growing demand among enterprises in Southeast Asia (SEA) for outsourcing specific and key cybersecurity functions to boost their IT security.

The fresh report from the global cybersecurity company showed that businesses here rely on their Managed Security Service Providers (MSSPs) for cybersecurity education, assessment, protection from high-volume attacks and modern cyber threats as well as advanced threat detection and resolution.

Data from the research was collected from 3,230 interviews covering 26 countries across Kaspersky's major B2B markets worldwide, including key countries in Southeast Asia. Some 48.3% of enterprises in the region are choosing to entrust their MSSPs to handle the security training, education and awareness functions to their organisations.

Being the weakest link in the IT ecosystem, the human factor prominently figured in almost all known security breaches so cybersecurity education remains a critical tool for enterprises faced with constantly evolving threats. It is a major step in safeguarding organisations which have always been put at serious, costly risk due to mistakes by employees which were either intentional, careless or simply stemming from a lack of knowledge of security issues.

As of 2020, Kaspersky's data showed an average breach cost 1.09 million dollars for an enterprise and 101 thousand dollars for a small and medium business (SMB).

Other cybersecurity function companies are delegating to their MSSPs are cybersecurity assessment (58.8%) as well as protection against distributed denial of service or DDoS (44%), advanced persistent threats or APTs (39.7%) and Endpoint Detection and Response or EDR (42.5%).

Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, says, "We believe cybersecurity remains a high priority investment area for most businesses in Southeast Asia.

"On the heels of the pandemic, which caused massive business disruptions and dramatic digital transformation, this part of the world understands how it is greatly exposed to cyber security risks. The results of our survey shows that organisations in SEA are taking proactive measures to protect and fortify their people, digital assets, operations, and infrastructure."

A recent independent study confirmed that in the wake of cyber staff scarcity and recruitment costs, organisations are actively on the hunt for MSSPs that can be extensions of their internal IT and security teams. These organisations are also looking for MSSPs that can offer advanced cybersecurity expertise to support the security posture of their businesses.

Kaspersky offers managed service providers (MSPs) the opportunity to evolve into MSSPs. The Canalys report developed for Kaspersky also recommends the following steps: Service providers need to review their recent cyber-posture, capabilities, core values, and operating processes. Being aware of their own infrastructure is the first step to building secure cyber-practices for customers.

On the next level, it is important to develop a skills base. MSPs can invest in vendor certification levels, software development skills, and should understand their customers' security resilience. When the basis is built, MSPs can develop vertical-specific offerings and SOC capabilities. It is also important to get certifications for frameworks such as NIST or CIS if an MSP works with the public sector.