Whether it’s installing hardwood flooring, patching a hole in the wall, or fixing a leaking pipe, the idea of doing it yourself looks pretty simple on paper. By the time the project is complete, though, it often ends up costing more than it would have to just hire a professional and the end result is usually mediocre at best. Both the logic behind and results of do-it-yourself home project have many parallels with organizations trying to implement and manage cybersecurity on their own. For cybersecurity, however, the challenge is amplified by the fact that skilled cybersecurity professionals are increasingly hard to find.
Pitfalls of Do-It-Yourself
I’ve done my fair share of home improvement projects. Most projects aren’t that complex, and it generally seems like something I can knock out myself and save a few dollars rather than hiring a professional. Rarely (never, really) does the project work out the way I initially envision it.
For example, if there’s a leaky pipe in your home, you have two options: hire a professional plumber to fix it or try to fix it yourself. Option B is often followed by hiring the professional plumber after the fact to fix the much larger problem you’ve now created.
When it comes to projects like that, it is theoretically possible for someone to do it themselves, but why? It often requires unique specialized tools—which you will have to invest in, but which the professional plumber already owns. It will also require unique and specialized knowledge and skills—which you can invest time in reading about and watching YouTube videos to gain a rudimentary understanding, but which the professional plumber knows like the back of his or her hand.
Ultimately, you can probably complete the project, but it will cost more than you initially projected, and the results will be inferior to what you could have had for less money by working with a professional. And that doesn’t even include the opportunity cost of the ways you could have invested that time more productively.
Treating Cybersecurity Like a Leaking Pipe
Many organizations treat cybersecurity the same way homeowners approach home repair and improvement projects. They want to do it themselves, and they think they can save money by implementing and managing their own cybersecurity.
As with home projects, this is easier said than done. Companies find that they don’t have the right tools for the job, and they don’t have people with the right skills and experience to select the right tools—never mind deploying, configuring, managing, and maintaining them.
It’s possible to research cybersecurity best practices and muddle through—cobbling together something that resembles a cybersecurity infrastructure. The end result generally provides inadequate protection and costs more than it would have to engage professionals from the beginning.
The other problem with this approach is that the platform is only one facet of effective cybersecurity. Threat intelligence is necessary to research emerging threats and stay a step ahead of attacks, and cybersecurity expertise is required to monitor the environment 24/7 to detect and respond to security incidents. In other words, you need the “plumber” to stay around the clock to remain vigilant for new problems.
Shortage of Qualified Plumbers…I Mean Cybersecurity Professionals
One key difference between do-it-yourself home repair project and cybersecurity is that rather than just replacing the professional in the equation—like doing the plumbing on your own rather than hiring a plumber—organizations try to hire their own cybersecurity professional (or professionals). Unfortunately, when it comes to cybersecurity, there is a severe shortage of people with the right talents and skills.
An article from Alert Logic about the cybersecurity talent gap explains, “And despite increased tech spending overall, the global cybersecurity industry still faces both a skills and resources gap of mammoth proportions, with more than 4 million positions open and unfilled around the world and too few academic institutions and professional programs offering comprehensive training to develop security protocols to detect and prevent cyberattacks.”
It makes more sense to work with partners that have the tools and the skills to get the job done right. Alert Logic has the platform, intelligence, and experts to provide cybersecurity that just works and monitor your network 24/7. You can have peace of mind about your cybersecurity and focus on growing your business instead of trying to fix the “leaking pipe” yourself.
About the Author
*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Tony Bradley. Read the original post at: https://blog.alertlogic.com/why-cybersecurity-is-like-fixing-a-leaking-pipe/