An exponential escalation in the number of cybercrimes has resulted in organisations feeling asphyxiated from the anxiety and fear of becoming a victim of a malice cyber-attack and getting into the news for all the wrong reasons.  In FY 2021-22, 76,000 cybercrimes were reported in Australia, which is a whopping 13% increase from the previous FY (Australian Cyber Security Centre, 2022). Moreover, the cherry on top is the scarcity of cyber professionals in the job market (Mason, 2022), which has resulted in organisations neither being able to hire cybersecurity resources nor being able to retain the talent even after exhausting their resources to find them. So we’ve decided to shed some light on the topic of challenges that organisations face while outsourcing cyber security services and how business analysis can help tackle these challenges.

A natural solution that appears to the aforementioned problem is getting a Managed Security Service Provider (MSSP) on board. Outsourcing some specific services like pen testing and Network Operations Center is a usual industry trend. But (there’s always a but), when an organisation outsources any component of its cybersecurity, it also gives away a level of control to the third party which may expose the organisation to a new set of threats, a new can of worms (not to be confused with a “computer worm”), which was never a concern previously. Additionally, there’s a high potential for an increase in costs down the road in case the vendor decides to increase the service rates or if some new compliance/regulation is enacted directing the organisation to migrate those services to an in-house team.

Business Analysis is actually vital in such a scenario. A few ways business analysis can help include identifying the specific security issues that may get addressed better if dealt with by a third party, processes involving onboarding/offboarding a vendor, assisting in maximizing the benefits of MSSP subscribed services and understanding the organisational data transmission to and from, acting as an interpreter between the cybersecurity technical teams and the business, and helping to establish a mutual understanding etc. Want to know more about how an organisation can create more value out of a cyber project? Write to us at info@business-analysis.com.au and we will share with you an infographic detailing the role of a Business Analyst in a cybersecurity project.

Business Analysis (BAPL) is focused on ensuring our clients are successful with their software initiatives, products, and projects. Operating as a solution-agnostic consulting practice, we have a proven track record evidenced by client testimonies, a wide and deep domain knowledge and varied software experience captured in our case studies. We provide business analysis as a service.

References

Australian Cyber Security Centre. (2022). ACSC Annual Cyber Threat Report, July 2021 to June 2022.

Mason, M. (2022, September 13). Cyber skills shortage ‘to hit 30,000 in four years’ . Retrieved February 2023, from https://www.afr.com/technology/cyber-skills-shortage-to-hit-30-000-in-four-years-20220912-p5bhde