What on earth were they thinking? That’s what we – and other
security experts – were wondering when content giant Patreon
recently dismissed its entire internal cybersecurity team in
exchange for outsourced services.
Of course, we don’t know the true motivations for this move.
But, as outsiders looking in, we can guess the cybersecurity
implications of the decision would be inescapable for any
organization.
Fire the internal team and you take a huge risk
Patreon is a content-creator site that handles billions of
dollars in revenue. For reasons unknown to us, Patreon fired not
just a couple of staff members or someone in middle management. No:
the company fired its entire security team.
It’s a big decision with significant consequences because it
results in an incalculable loss of organizational knowledge. At the
technical level, it’s a loss of soft knowledge around deep system
interdependencies that internal security experts will just “know”
about and accumulate over time. Knowledge that is rarely ever
written down.
Fire the team, and all that knowledge is gone. Can it be
rebuilt? Possibly, but in the middle of a crisis, how long will it
take an external team to figure things out? It’s anybody’s guess,
but it won’t be easy.
The “buy-in” and the “right now”
There are two other things to worry about when weighing an
in-house team against an outsourced one, or when firing your in-house
team: dedication and responsiveness.
No matter how knowledgeable a contractor is, a contractor will
never have the same buy-in that you get from your internal employee
managing your systems at your company. After all, contractors look
at a system because they’re contracted to and will never fully
integrate into the company culture.
That affects the dedication and speed with which issues are
resolved and how invested a team is in fixing a problem. Yes, SLAs
can guide performance standards, but when it matters, in a crisis,
an SLA will never replicate the urgent sense of “right now” that
you have with a dedicated, internal team.
Sure, internal teams might not be able to solve a problem
instantly. Still, in the middle of a security crisis, the last
thing you want is a group of contractors watching the clock and
splitting their attention across several clients.
Forget about replacing lost talent
When making a significant decision such as this, another point
to consider: can we reverse the decision if we regret it? Yes,
given enough time, Patreon could rebuild the capabilities and
knowledge they lost. But can the company find the talent to do
it?
Talent acquisition is a significant problem in the tech market –
retaining talent is tough, and hiring new talent is even more
challenging. Either way, it will take months and months to rebuild
a moderate level of competence.
It will also come at great expense as recruits take time to
understand their new environment and how its intricacies differ
from other environments they worked in. Much of this is learned
through experience – no “best practices” manual can cover it
thoroughly.
Is the net result as intended?
We don’t know why Patreon made this decision, but it could be a
cost-saving measure, the common motivation for outsourcing. But
here’s the thing: investing in an internal cybersecurity team
that’s truly on top of things is designed to save you costs when it
counts.
When an organization’s systems are under attack, a deeply
ingrained, highly trained internal team will already have worked to
prevent a successful breach. All that hard work, dedication, and
knowledge add up to highly secure systems.
That’s a challenge for cybersecurity: when a well-funded and
motivated team does its job well, there’s nothing to show for it
except for the absence of incidents. On the flip side, incidents
resulting from inadequate security delivered by a (cheaper?)
external contractor can be incredibly costly to deal with and clean
up.
Bad for press, bad for finances, bad for security
Was there a valid reason other than cost savings for dismissing
an entire in-house cybersecurity team? Lack of competence, insider
risk, interpersonal issues, lack of communication, or failure to
achieve business goals? These would all be valid reasons.
Yet even if there’s a valid reason, the outcome won’t be good.
There is bad press coverage, as massive, sudden changes in
cybersecurity regimes send the wrong signal. This, in turn, can
lead to a loss of trust with the creators that drive Patreon’s
bottom line.
The most significant risk, though, is a cybersecurity failure,
and that risk is at its greatest when an entire internal security
team is fired. Was the internal team incompetent? Perhaps the better
solution would have been combining internal knowledge with external
expertise.
With nobody now at the helm, we think that the move by Patreon
just won’t work out well for its security efforts, and that it
carries a real risk of not working out well for the creators who
continue trusting Patreon with their content.
Cybersecurity is not getting any easier, and finding reputable and
reliable outside help[1] is not getting easier either. When weighing
your options, you should double-check your situation before
committing to such a move. Even if it were the best decision, the
reputational stain would be tough to remove.
References
[1] reputable and reliable outside help (www.tuxcare.com)
Read more https://thehackernews.com/2022/09/firing-your-entire-cybersecurity-team.html