Re-strategising Resilience In The Remote Working Age

Every year new cyber security technologies emerge - yet breaches continue to hit the headlines. Resource-constrained IT leaders are left wondering how to proceed. So, is cyber security actually broken?

It is well understood that whether a cyber attack fails or succeeds usually comes down to speed of response. But even when firms invest in the latest technologies to boost threat detection and response, breaches still occur.

All too often the problem is not that a tool failed to raise an alert, but that the alert was missed or ignored. Two in five UK IT teams say they are overwhelmed by security alerts, and over half admit they have ignored a cyber security issue to prioritise other business activity. The surge in remote working only exacerbates the issue: over half of security leaders (52%) feel hard pressed to protect employees’ mobile devices.

Mind The Gap

As cyber crime increases, organisations react by adding more tools, yet threats still slip through the gaps. A recent survey confirmed that many IT security teams are overstretched and ill-equipped: over a quarter (27%) aren’t able to spot a real threat, and an astonishing 30% admit to not knowing how to use their security tools effectively. Tools alone are clearly not enough.

The most common causes of cyber breaches are:

Human error:  Unintentional user actions (or inactions) that cause, spread or allow a breach are estimated to account for 95% of security issues.

Infrastructure complexity:  With a growing attack surface that extends past corporate networks and firewalls to the homes of hybrid workers, defence is only as strong as the weakest link.

Lack of resources:  Overwhelmed by security alerts, stretched in-house teams covering the whole IT stack might not be able to provide 24/7 expert support.

Poor governance and training:  Watch out for employee negligence, inadequate training on new threat detection tools, weak password management, irregular patching, and unclear threat handling and escalation processes.

Budget constraints:  Too many organisations prioritise other business areas over investing sufficiently in cyber security. Moreover, SMB and mid-market businesses don’t have the deep pockets of global players, yet they are just as much in the firing line, precisely because they are softer targets.

It’s no wonder protecting against cyber attacks can sometimes feel like a never-ending game of whack-a-mole. 

Building Expert-led Security Operations

We’ve arrived at a tipping point. It’s time to stop adding tools and complexity and start building security operations where cyber security experts are truly empowered to lead response. 

Many businesses seek to develop a robust security posture managed by in-house teams. Unfortunately, self-managed approaches often fall short in today’s sophisticated cyber threat environment. Traditional Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems gather plenty of telemetry, but without continuous tuning, correlation and triage they leave blind spots and generate excessive noise from false positives. Managing threats effectively with them requires a highly trained and well-resourced team available 24/7.

The DIY route is now harder than ever. Organisations frequently don’t want the expense of round-the-clock cyber security experts.

Even if they do, recruitment efforts run into the great resignation conundrum. Many security professionals are considering resigning because of work pressures and cancelled leave, and skilled IT candidates are in demand, tempted into new roles by multiple job offers.

Developing A More Robust Security Posture

To overcome the shortcomings of tools and the lack of resources, companies are increasingly leveraging the skills of a strategic security partner. Managed security operations enable organisations to bolster internal teams and ensure a more robust, proactive security posture. Combining cost-effective access to the latest technologies with 24/7 human expertise, Security Operations Centre-as-a-Service (SOCaaS) solutions give firms an immediate response to threats, and expert-led learning that strengthens resilience over time.

A good SOCaaS provider will take a two-pronged approach:

Rapid tactical response:  Seek out a provider with a proven ability to distinguish real threats from false alerts and to act on them as soon as they arise. Outsourcing to a proactive frontline team armed with the latest cloud-native technologies is an effective way to boost an organisation’s threat detection and response capabilities. The best SOCaaS providers will have a dedicated 24/7 team that acts rapidly to confirm or refute the threat and collaborates with the customer until the incident is resolved.

Focus on strategic implications:  You should also look for a partner who will help improve your security operations over the long term. Following a resolved incident, your provider should help you understand the strategic implications of the attack, working with the in-house team to identify areas for improvement and to support remediation efforts.

As cyber threats grow, many IT teams lack the expert resources, and the visibility across their entire attack surface, needed to detect threats and correlate events effectively. Organisations need strategic security partners who can detect threats quickly, analyse them for root cause, and bring in-depth knowledge of the evolving landscape to provide actionable steps that improve long-term security posture.
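The noise-versus-signal problem raised above (EDR and SIEM tools generating far more alerts than a team can triage, and the need to correlate events across the estate) is, in practice, a detection-engineering task. The following Python script is an added illustration, not code from the article or from Creative ITC: it correlates a constructed EDR/SIEM alert export into incidents by host and time window, escalating when several assumed attack-chain stages appear together and deduplicating assumed operational noise, so that ten raw alerts become two items an analyst has to decide on. The rule names, hostnames, the chain pattern and the 10-minute window are all assumptions made for the example.

```python
"""Added example: turn a noisy EDR/SIEM alert feed into a short incident queue.

The sample alerts below are constructed for illustration; the rule names,
hostnames, attack-chain pattern and 10-minute window are assumptions, not
output from any real product."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample export, one alert per line: timestamp|host|rule|severity
RAW_ALERTS = """\
2024-03-04T09:00:01|WS-117|AV signature update failed|low
2024-03-04T09:00:07|WS-042|AV signature update failed|low
2024-03-04T09:02:15|WS-117|Office app spawned powershell.exe|low
2024-03-04T09:02:40|WS-117|Encoded PowerShell command line|medium
2024-03-04T09:03:10|WS-117|LSASS memory access from non-system process|high
2024-03-04T09:05:55|WS-117|Outbound SMB to 14 internal hosts|medium
2024-03-04T09:10:00|WS-042|AV signature update failed|low
2024-03-04T09:20:00|WS-042|AV signature update failed|low
2024-03-04T11:45:00|SRV-DB1|Office app spawned powershell.exe|low
2024-03-04T13:30:00|WS-042|AV signature update failed|low
"""

# Assumed attack-chain stages: individually low or medium, but together on one
# host inside WINDOW they read as initial access -> credential theft -> lateral movement.
CHAIN = {
    "Office app spawned powershell.exe",
    "Encoded PowerShell command line",
    "LSASS memory access from non-system process",
    "Outbound SMB to 14 internal hosts",
}
# Assumed operational noise: counted per host instead of queued alert by alert.
NOISE = {"AV signature update failed"}
WINDOW = timedelta(minutes=10)
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass
class Alert:
    ts: datetime
    host: str
    rule: str
    severity: str


@dataclass
class Incident:
    host: str
    severity: str
    alerts: list = field(default_factory=list)


def parse_alerts(text):
    """Parse the pipe-separated export into Alert objects sorted by time."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, rule, sev = line.split("|")
        alerts.append(Alert(datetime.fromisoformat(ts), host, rule, sev))
    return sorted(alerts, key=lambda a: a.ts)


def _close(host, group):
    """Two or more distinct chain stages on one host escalate to critical;
    otherwise the incident keeps the highest severity seen in the group."""
    stages = {a.rule for a in group if a.rule in CHAIN}
    if len(stages) >= 2:
        severity = "critical"
    else:
        severity = max((a.severity for a in group), key=SEVERITY_RANK.__getitem__)
    return Incident(host, severity, group)


def correlate(alerts):
    """Return (incidents, noise): per-host alerts within WINDOW of each other
    collapse into one incident; NOISE rules are counted per host, not queued."""
    incidents, noise, by_host = [], defaultdict(int), defaultdict(list)
    for a in alerts:
        if a.rule in NOISE:
            noise[a.host] += 1
        else:
            by_host[a.host].append(a)
    for host, host_alerts in by_host.items():
        group = []
        for a in host_alerts:  # already time-ordered by parse_alerts
            if group and a.ts - group[-1].ts > WINDOW:
                incidents.append(_close(host, group))
                group = []
            group.append(a)
        if group:
            incidents.append(_close(host, group))
    incidents.sort(key=lambda i: SEVERITY_RANK[i.severity], reverse=True)
    return incidents, dict(noise)


def triage_summary(text):
    """Headline numbers: raw alert volume versus what actually needs a decision."""
    alerts = parse_alerts(text)
    incidents, noise = correlate(alerts)
    return {
        "raw_alerts": len(alerts),
        "incidents": len(incidents),
        "critical": sum(1 for i in incidents if i.severity == "critical"),
        "noise_suppressed": sum(noise.values()),
    }


if __name__ == "__main__":
    incidents, noise = correlate(parse_alerts(RAW_ALERTS))
    for inc in incidents:
        print(f"[{inc.severity.upper():8}] {inc.host}: {len(inc.alerts)} alert(s)")
        for a in inc.alerts:
            print(f"    {a.ts:%H:%M:%S} {a.rule} ({a.severity})")
    print("suppressed noise per host:", noise)
    print(triage_summary(RAW_ALERTS))
```

The point is the shape rather than the specific rules: per-host, time-bounded correlation turns four individually "low" or "medium" alerts on WS-117 into one critical incident that is easy to overlook when each alert is read on its own, while the repeated signature-update failure on WS-042 is counted rather than queued four times. A real SOC tunes the window and the chain definitions continuously, and treats a sudden jump in the noise counters as a signal in its own right rather than something to silence.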

Managed Security Operations Centre-as-a-Service (SOCaaS) solutions are a cohesive and scalable approach to cyber security that evolves as the threat landscape changes. Working as an extension of in-house teams, SOCaaS makes it fast and easy for organisations of any size to deploy world-class security operations that continually guard against attacks in an efficient and sustainable way.

Rob Smith is CTO with cloud services provider Creative ITC
