According to Gartner’s 2015 Forecast Analysis on Information Security, cyber security consulting is currently a $16.5 billion annual global business and is forecast to grow to $23 billion per annum by 2019.
Understandably the area is seeing increasing interest from stakeholders. CESG recently certified the first six organisations under its Certified Cyber Security Consultancy scheme.
This year CESG, the information security arm of GCHQ, announced the first group of organisations who will provide government and industry with certified cyber security expertise.
Commenting on the launch, Ciaran Martin, GCHQ’s Director General for Cyber Security, said that this was "just the start of an ongoing process to build a wide pool of trusted cyber security advisors for our customers."
This shift towards services makes sense; customers want to find out how to use and deploy the products that they have already bought rather than simply buy more.
In an era when cyber security skills are in short supply, consultancies can also provide access to cyber security expertise.
CBR looks at some of the big-name cyber security consultancies looking to transform your business’s cyber strategy.
1. BT: Cyber Roadmap Consulting
Launched in May 2016, BT’s consultancy programme aims to help large organisations determine the level of risk they face.
The service creates mitigation and defence plans specific to each customer and provides step-by-step guidance on how they can improve their security.
The service is compliant with key accreditations such as ISO27002, the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cyber Security Framework and the U.S. Federal Financial Institutions Examination Council (FFIEC) requirements for the financial services industry.
BT is planning to hire 900 more cyber-security staff this year. In September, the provider opened a cyber security centre to show that it can respond in real time to online cyber threats. Other initiatives have included an ethical hacking service for the automotive industry to help protect connected cars.
BT’s expertise in the cyber security field lies in its history of providing secure network access within its own organisation and to customers as a managed service.
As the provider of internet access to many businesses, BT also has oversight of the entry points to the network.
2. IBM: X-Force Incident Response Services
The X-Force Incident Response Services arm of IBM helps clients plan for, manage and respond to cyber attacks using the knowledge of 3000 consultants and security researchers.
The experts will help clients develop response strategies and provide a means to discover, respond to and report on security incidents.
Part of building the service was the acquisition of Resilient Systems, which provides a set of response playbooks for different incident types, as well as a knowledge base of global regulatory and compliance requirements.
This includes best practices for responding to a range of different incidents.
As an all-round IT provider with a long history, IBM brings the benefit of having seen the development of the threat landscape through from the early days of enterprise IT.
3. BlackBerry: Professional Cybersecurity Services
In February, BlackBerry launched this consulting practice, broken down into four main services: Strategic Security will provide best practices in IT operation, while Technical Security will provide technical assistance for infrastructure and product development.
Automotive and IoT Security will focus on the Internet of Things market, while Detection, Testing and Analysis will provide threat detection, mitigation, penetration testing, vulnerability assessment and incident response analysis.
To bolster the consultancy, BlackBerry bought up Encription, a UK-based consultancy, citing its ability to mimic hacker techniques and use them to model potential risks as a key reason for the buy.
For BlackBerry, this is part of an alignment away from hardware towards software and services.
As the creator of one of the first dedicated enterprise devices, BlackBerry can be expected to have a strong expertise in mobile security.
BlackBerry has a lot of experience in working with governments, since 16 of the G20 governments use BlackBerry and BlackBerry has received over 70 security certificates.
4. Dell: Security Services
Dell’s consultancy offering covers three main areas. The first is protecting IT assets, which includes providing services to assess risks and monitor threats.
It also aims to help companies comply with regulation, meeting industry and internal compliance requirements. This covers specific requirements for different sectors including financial, utility, healthcare, insurance, retail and government sectors.
It also offers to help companies train their employees and test them against social engineering threats such as phishing so that they have an incident response plan ready. Dell can also help organisations to source experienced security staff for critical projects.
The UK-based outfit BNSCyber is a smaller company than others on this list, but it has received the CESG certification for cyber security consultancy.
It can offer a review of information assurance and cyber maturity for the whole organisation or business unit and work with senior stakeholders to define the goals needed as part of the strategy.
It also provides tailored risk assessment methods to define the threats, vulnerabilities and associated risk.
The company says it provides services to several high profile systems integrators and Government Departments.
Since it is not an arm of a larger cyber security company but exclusively provides consultancy services, BNSCyber has a high degree of independence in determining the best products or services for companies to buy.