Do You Need a New Cybersecurity Solutions Partner?

March 27, 2018 Eric Dosal


Tackling the challenges of keeping your company’s most sensitive data secure in the face of modern cybersecurity threats is a herculean task. According to data from a SANS.org survey, more than 70% of businesses have witnessed phishing attacks against their networks, with more than 30% of survey respondents claiming that said attacks caused a “significant impact.” About half of respondents had detected spyware attacks on their organization, with around 10% of them suffering significant impacts as a result.

These are just the attacks that the survey respondents discovered—the survey doesn’t account for any undiscovered or undisclosed attacks. Every day, criminals create new attack methods to steal the sensitive data of companies.

At the same time, regulatory requirements for the protection of sensitive data are also becoming more stringent in response to the ever-growing list of massive data breaches that happen each year. New rule sets, such as the European Union’s (EU’s) General Data Protection Regulation (GDPR), place new burdens on companies that are already heavily burdened by existing requirements.

To alleviate their burdens and simplify the task of meeting strict regulations, many organizations are turning to dedicated cybersecurity solutions partners. These partners are supposed to keep your business’ data safe from malicious actors—or at least mitigate your risk of data loss/leakage.

However, how can you be sure that you’re getting the most out of your cybersecurity solutions provider? If your partner isn’t providing top-notch protection, then it may be necessary to find a new one that can protect your business.

With this in mind, here are a few signs that your company needs to find a new cybersecurity solutions partner, pronto:

Old or Expired Certifications

When was the last time your partner earned a new certification for the cybersecurity products they use? How about the members of their cybersecurity teams?

Technology is constantly evolving—both for good and for ill. With new threats and tools to counter said threats coming out every day, a cybersecurity partner who isn’t actively updating their knowledge and skills is one that isn’t going to be able to protect your business for long.

If your partner only holds old certifications—or ones that have expired—then you cannot trust that they’ll be able to effectively respond when an attack happens.

A Lack of Communication/Updates

While some might say that “no news is good news” when it comes to attacks against your business’ network, your cybersecurity partner should really be doing their best to keep you in the loop.

Even if your cybersecurity solutions provider isn’t finding any attacks, malware, or other problems on your network, they should still provide you with reports detailing what it is that they’ve done to try to protect your network. The last thing you want to receive from the people in charge of keeping your business safe from cyber attacks is total radio silence.

There are a few reasons for this, including:

  • Keeping up with changes to your network. It’s only natural that, as your business grows, you’ll be making changes to your network—such as adding/replacing/modifying endpoints on the network, changing what software you use, and even adding or removing authorized users. If your cybersecurity partner isn’t communicating with you frequently, they can fall behind on adapting to these changes, creating vulnerabilities.

  • Interfering with your business operations. Communication is crucial for coordinating your cybersecurity protection with your business’ operations. If your solutions partner has to take down a server or database to make a critical security update but doesn’t tell you about it, then you may find yourself down a critical resource unexpectedly when you most need it.

  • It demonstrates a lack of interest in your company. One of the biggest problems with not hearing from your cybersecurity partner is that it demonstrates that they don’t consider you very important—which may mean that you’re not getting the level of protection you’re paying for. If they aren’t making the effort to talk to you, can you count on them to make the effort to protect your business?

Not Meeting Your Service Level Agreements

Odds are that when you signed up with your cybersecurity partner, they made commitments to respond to specific security events in a set amount of time—a service level agreement (SLA). However, the response time promised in an SLA and the time it actually takes for your security partner to step in and resolve a problem aren’t always one and the same.

Sometimes, a problem might be more complicated than initially assumed in the agreement. This is unfortunate, but unavoidable from time to time.

However, when your cybersecurity partner is frequently late in dealing with issues that pop up and cannot seem to meet the schedule they committed to, it may be time to find a new partner.

You Aren’t Getting Ongoing Support

A cybersecurity partner is more than just a team of people that helps out with the implementation of some new security solution or tool—they’re the group of people you can turn to whenever you have a problem.

Ongoing service and support is a defining characteristic of a partnership. So, you should be seeing your partner doing things like helping your team troubleshoot common issues with your security software, conducting regular updates, and filing security reports to show you what they’re doing to help.

If all your “partner” does is install new software on your network and leave you to figure the rest out for yourself, then they can hardly be called a true partner.

Having the right cybersecurity solutions partner can make a huge difference in mitigating your risks. But, having the wrong partner can be as bad as (or worse than) having no partner at all.

Need to know more about cybersecurity so you can gauge how well your partner measures up? Take a look at our Back to Cybersecurity Basics guide for free at the link below!
