Incident response

The Advantages & Disadvantages of Outsourcing Incident Response

Tyra Appleby
February 13, 2018 by
Tyra Appleby

Companies usually outsource tasks if they are more cost effective and can produce consistent results. Outsourcing incident response functions ensures a company will get consistent, reliable results if an incident occurs. Many cybersecurity jobs go unfilled, because the pool of qualified applicants is currently smaller than the amount of jobs available. Thus, finding the right people for an in-house response team can be time consuming. If an incident occurs while waiting to staff those positions, a company is left vulnerable. Outsourcing means a company could be protected at a much faster rate.

When Should Incident Response be Outsourced?

It is time to consider outsourcing your incident response team when it is cost efficient, if you need to assemble a team quickly or if you have a high-risk infrastructure. Creating an internal incident response team is time consuming; finding qualified applicants can take an extensive amount of time. Once you hire the team, then you have to train them on the company’s infrastructure and the current incidence response plan.

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.

Depending on your budget, you may only be able to hire a limited amount of people. Outsourcing means you pay a set fee and you have access to that company’s team 24/7. You are not directly responsible for paying this team’s benefits or salary. You pay a fee for the service. This could be the most cost-effective approach depending on your company’s size and needs.

If you are a company that collects sensitive information about your customers like social security numbers or financial information, you are a hacker target. It is important to quickly assemble your incident response team and reassure your customers that their information is safe.

Hiring an external team means tapping into their expertise. Managed service providers (MSSPs) may not only bring experience, but also insight into potential flaws in your current incident response plan.

What Factors Should be Considered When Selecting a MSSP for Incident Response?

When considering a MSSP, it is very important to know the past performance history of the company. Be sure to answer the following questions when shopping for a provider:

  • How long have they been in business?
  • How many incidents have they responded to in the past?
  • What was the response and success rates of those responses?
  • Can they provide estimates of money they saved other companies by mitigating threats?
  • What is the education level of the staff?

These are all important questions to ask when considering a MSSP.

What Are the Advantages of Outsourcing Incident Response Functions?

Again, the biggest benefit of outsourcing incident response is the potential cost effectiveness of not having to pay full-time employees salaries and benefits. If a company has a great monitoring system in place, you will only need to pay the MSSP to keep a connection to that monitoring service, in addition to actual breach response services. You may have to pay a contract fee to have the company on your service, but the big costs only occur when an incident happens. Reducing overhead is an advantage for any company of any size.

Having an incident response team adds a certain level of insurance. Hiring an outside team for this job means they are a licensed and insured company. They are motivated to quickly respond to your incidents and mitigate threats because they may have guaranteed a certain success rate. If they fail and cost your company more money by not mitigating threats quick enough, they may actually owe you money instead. Plus, an outsourced company needs your great review in order to stay in business. An in-house team does not have the same incentive.

What Are the Disadvantages of Outsourcing Incident Response Functions?

Some of the negatives associated with outsourcing are creating additional threat vectors and reduced operational control.

The biggest disadvantage is granting an outside entity access to your company network and potentially proprietary information. This adds a certain level of risk. Giving someone external access creates infrastructure vulnerabilities. If this outside entity gets hacked themselves, those cybercriminals could potentially access your network through the hole created in the third-party’s breach.

Insider threat is a term to describe employees and other personnel being a threat to the security of the company. Employees can have access to sensitive company information. If they felt wronged in any way, they could release that information to the competition or the public. Outsourcing creates a bigger pool of potential insider threats since they will now have access to your network.

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.

You also lose some level of control when hiring an outside firm. You often sign a contract or service agreement that may have stipulations on your upgrade schedule, implementation of new software or even access controls for your system.

Tyra Appleby
Tyra Appleby

Tyra Appleby is a CISSP certified lover of all things cybersecurity. After serving 4 years in the Navy as a Cryptologic Technician, she continued supporting various DoD and government agencies as a Systems Security Engineer. She has a passion for writing and research, particularly in the areas of Reverse Engineering and Digital Forensics. When she’s not working, you can find her at the beach with her Rottweiler Ava.