Re-strategising Resilience In The Remote Working Age

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Every year new cyber security technologies emerge - yet breaches continue to hit the headlines. Resource-constrained IT leaders are left wondering how to proceed. So, is cyber security actually broken?

It’s well understood that the difference between a cyber attack failing or succeeding usually depends on speed of action. But even when firms invest in the latest technologies to boost threat detection and response, breaches still occur.

All too often the problem is not because a tool failed to raise an alert, but because it was missed or ignored. Two in five UK IT teams are overwhelmed by security alerts and over half admit they’ve ignored a cyber security issue to prioritise other business activity. The surge in remote working is only exacerbating the issue. Over half of security leaders (52%) feel hard pressed to protect employees’ mobile devices.

Mind The Gap

As cyber crime increases, organisations react by adding more tools. Yet, threats still slip through the gaps. A recent survey confirmed many IT security teams are overstretched and ill-equipped. Over a quarter (27%) aren’t able to spot a real threat, and an astonishing 30% admit to not knowing how to use their security tools effectively. Tools alone are clearly not enough.

The most common causes of cyber breaches are:

Human error:  Unintentional user actions (or inactions) that cause, spread or allow a breach are estimated to account for 95% of security issues.

Infrastructure complexity:  With a growing attack surface that extends past corporate networks and firewalls to the homes of hybrid workers, defence is only as strong as the weakest link.

Lack of resources:  Overwhelmed by security alerts, stretched in-house teams covering the whole IT stack might not be able to provide 24/7 expert support.

Poor governance and training:  Watch out for employee negligence, inadequate training on new threat detection tools, weak password management, irregular patching, and unclear threat handling and escalation processes.

Budget constraints:  Too many organisations prioritise other business areas over investing sufficiently in cybersecurity. Moreover, SMB and mid-market businesses don’t have deep pockets like global players, yet they are equally in the firing line as they’re softer targets.

It’s no wonder protecting against cyber attacks can sometimes feel like a never-ending game of whack-a-mole. 

Building Expert-led Security Operations

We’ve arrived at a tipping point. It’s time to stop adding tools and complexity and start building security operations where cyber security experts are truly empowered to lead response. 

Many businesses seek to develop a robust security posture managed by in-house teams. Unfortunately, self-managed approaches often fall short in today’s sophisticated cyberthreat environment. Traditional Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems gather data, but often result in blind spots and excessive noise from false positives. A highly trained and well-resourced team is required 24/7 to manage threats effectively. 

The DIY route is now harder than ever. Organisations frequently don’t want the expense of round-the-clock cyber security experts.

Even if they do, recruitment efforts come up against the great resignation conundrum. Many security professionals are thinking about resigning due to work pressures and cancelled leave. Skilled IT candidates are in demand, tempted into new roles by multiple job offers.

Developing A More Robust Security Posture

To overcome the shortcomings of tools and lack of resources, companies are increasingly leveraging the skills of a strategic security partner. Managed security operations enable organisations to boost internal teams and ensure a more robust, proactive security posture. Combining cost-effective access to the latest technologies along with 24/7 human expertise, Security Operations Centre as-a-Service (SOCaaS) solutions provide firms with a with an immediate response to threats, and expert-led learning to strengthen resilience over time.

A good SOCaaS provider will take a two-pronged approach:

Rapid tactical response:  Seek out a provider with proven abilities to detect real threats among false alerts, and act upon them as soon as they arise. Outsourcing to a proactive frontline team armed with the latest cloud-native technologies is an effective way to boost an organisation’s threat detection and response capabilities. The best SOCaaS providers will have a dedicated 24/7 team who will act rapidly to confirm or refute the threat and collaborate with the customer until an incident is resolved.

Focus on strategic implications:  You should also look for a partner who will help to improve your security operations over the long-term. Following a resolved incident, your MSP should help you better understand the strategic implications of an attack, working with an in-house team to identify areas of improvement and support remediation efforts.

As cyber threats grow, many IT teams lack expert resources and visibility across their entire attack surface to be able to detect threats and correlate events effectively. Organisations need strategic security partners who can detect threats quickly and analyse them for root causes, along with the in-depth knowledge of the evolving landscape to provide actionable steps to improve long-term security posture. 

Managed Security Operations Centre-as-a-Service (SOCaaS) solutions are a cohesive and scalable approach to cyber security that evolves as the threat landscape changes. Working as an extension of in-house teams, SOCaaS makes it fast and easy for organisations of any size to deploy world-class security operations that continually guard against attacks in an efficient and sustainable way.

Rob Smith is CTO with cloud services provider Creative ITC

You Might Also Read:

Why A Managed Security Service Provider Should Be On Your Cyber Roadmap:

 

« Protecting Medical Devices From Cyber Attacks
Ukraine Knocks Out A Russian Bot Network »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

Cloud53

Cloud53

Clolud53 is a Manchester based Managed Cyber Security & Cloud company providing solutions focused around you.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

VigiTrust

VigiTrust

VigiTrust is a security firm specializing in cloud based eLearning programs, security compliance portals and providing security assessments.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

ISAGCA is a collaborative forum to advance OT cybersecurity awareness, education, readiness, and knowledge sharing.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.