This is according to Brett Casey, CEO of specialist IT security management and consulting company, Securicom.
'More and more companies are turning to expert consultants to manage their IT security. One of the main reasons for this is that companies simply cannot afford to retain the necessary skills and resources in-house.
'Over the last decade, the ways and means of attacking data have become more sophisticated, and they continue to evolve at an alarming rate. Staying ahead of these advancements is imperative in order to efficiently ward off attacks, and, unless there is a dedicated team focused on managing IT security in-house, companies are simply not equipped to protect themselves,' he says.
Unfortunately, Casey says that many companies do not realize this until their IT security is compromised, and their intellectual property comes under threat.
'Obviously, prevention is better than cure, but many companies do not understand just how vulnerable they are until it is too late,' he adds.
Casey believes that security is a mindset, which is why outsourcing IT security makes good business sense for any company that considers its data to be critical. He adds that it also makes very little difference to the size of an organization when it comes to securing data.
'Data can be as important to an organization with just ten users as it is to one with 10 000 users. This is why security companies need to address the security requirements of companies of all sizes.
'You have to eat, drink and sleep security in order to fully understand it and recognize the vulnerabilities. To an IT manager who has a host of functions to fulfill, managing IT security is not a key focus, so he will most likely not have the depth of understanding, the necessary expertise, or the time to properly secure and protect the company's data,' he says.
Casey explains that outsourcing IT security to specialist consultants means that a company will have access to a whole team of engineers who not only have the necessary skill-set to do the job well, but who also understand the importance of understanding the methods and motivation behind attacks.
He points out that the nature of the threat has also changed from being purely malicious to being revenue-driven.
'Gone are the days when hackers would hack into company networks, causing damage to data just for the fun of it. Nowadays, they are hacking in for financial gain, and the threat to business is considerably bigger. To top it off, there are numerous avenues to entry, using e-mail, the Web and, of course, Spyware. Companies have never been more at risk,' Casey adds.
The complexity of attacks and potential damage to business are therefore also key drivers behind companies adopting a managed services model for IT security. However, many companies still refrain from seeking outside assistance.
One reason is cost, but Casey says that outsourcing IT security is a significantly more cost-effective option for companies that cannot afford to sustain the necessary resources in-house.
'Upgrading technology to meet security needs is also expensive,' he adds.
'Another barrier is mindset. Some company executives are reluctant to entrust their IT security to a third party. IT managers are even more averse to the idea, because they are protecting their own positions, but what they often do not realize is that taking the responsibility of security off their hands affords them more time to focus on their core function.
'As IT security consultants, we need to position our service at executive or director level in order to break down this barrier. Once they understand the potential financial threat to the business, they are far more open to outsourcing their IT security to an outside company,' says Casey.
Looking ahead, Casey believes that IT security as a managed service will continue to gain momentum.
'Optimizing IT security is fast becoming a priority for SA businesses. At the same time, the constant evolution of attack tactics and the cost of managing the process internally are likely to prompt companies to outsource their IT security to expert consultants,' he concludes.