Re-strategising Resilience In The Remote Working Age

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Every year new cyber security technologies emerge - yet breaches continue to hit the headlines. Resource-constrained IT leaders are left wondering how to proceed. So, is cyber security actually broken?

It’s well understood that the difference between a cyber attack failing or succeeding usually depends on speed of action. But even when firms invest in the latest technologies to boost threat detection and response, breaches still occur.

All too often the problem is not because a tool failed to raise an alert, but because it was missed or ignored. Two in five UK IT teams are overwhelmed by security alerts and over half admit they’ve ignored a cyber security issue to prioritise other business activity. The surge in remote working is only exacerbating the issue. Over half of security leaders (52%) feel hard pressed to protect employees’ mobile devices.

Mind The Gap

As cyber crime increases, organisations react by adding more tools. Yet, threats still slip through the gaps. A recent survey confirmed many IT security teams are overstretched and ill-equipped. Over a quarter (27%) aren’t able to spot a real threat, and an astonishing 30% admit to not knowing how to use their security tools effectively. Tools alone are clearly not enough.

The most common causes of cyber breaches are:

Human error:  Unintentional user actions (or inactions) that cause, spread or allow a breach are estimated to account for 95% of security issues.

Infrastructure complexity:  With a growing attack surface that extends past corporate networks and firewalls to the homes of hybrid workers, defence is only as strong as the weakest link.

Lack of resources:  Overwhelmed by security alerts, stretched in-house teams covering the whole IT stack might not be able to provide 24/7 expert support.

Poor governance and training:  Watch out for employee negligence, inadequate training on new threat detection tools, weak password management, irregular patching, and unclear threat handling and escalation processes.

Budget constraints:  Too many organisations prioritise other business areas over investing sufficiently in cybersecurity. Moreover, SMB and mid-market businesses don’t have deep pockets like global players, yet they are equally in the firing line as they’re softer targets.

It’s no wonder protecting against cyber attacks can sometimes feel like a never-ending game of whack-a-mole. 

Building Expert-led Security Operations

We’ve arrived at a tipping point. It’s time to stop adding tools and complexity and start building security operations where cyber security experts are truly empowered to lead response. 

Many businesses seek to develop a robust security posture managed by in-house teams. Unfortunately, self-managed approaches often fall short in today’s sophisticated cyberthreat environment. Traditional Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems gather data, but often result in blind spots and excessive noise from false positives. A highly trained and well-resourced team is required 24/7 to manage threats effectively. 

The DIY route is now harder than ever. Organisations frequently don’t want the expense of round-the-clock cyber security experts.

Even if they do, recruitment efforts come up against the great resignation conundrum. Many security professionals are thinking about resigning due to work pressures and cancelled leave. Skilled IT candidates are in demand, tempted into new roles by multiple job offers.

Developing A More Robust Security Posture

To overcome the shortcomings of tools and lack of resources, companies are increasingly leveraging the skills of a strategic security partner. Managed security operations enable organisations to boost internal teams and ensure a more robust, proactive security posture. Combining cost-effective access to the latest technologies along with 24/7 human expertise, Security Operations Centre as-a-Service (SOCaaS) solutions provide firms with a with an immediate response to threats, and expert-led learning to strengthen resilience over time.

A good SOCaaS provider will take a two-pronged approach:

Rapid tactical response:  Seek out a provider with proven abilities to detect real threats among false alerts, and act upon them as soon as they arise. Outsourcing to a proactive frontline team armed with the latest cloud-native technologies is an effective way to boost an organisation’s threat detection and response capabilities. The best SOCaaS providers will have a dedicated 24/7 team who will act rapidly to confirm or refute the threat and collaborate with the customer until an incident is resolved.

Focus on strategic implications:  You should also look for a partner who will help to improve your security operations over the long-term. Following a resolved incident, your MSP should help you better understand the strategic implications of an attack, working with an in-house team to identify areas of improvement and support remediation efforts.

As cyber threats grow, many IT teams lack expert resources and visibility across their entire attack surface to be able to detect threats and correlate events effectively. Organisations need strategic security partners who can detect threats quickly and analyse them for root causes, along with the in-depth knowledge of the evolving landscape to provide actionable steps to improve long-term security posture. 

Managed Security Operations Centre-as-a-Service (SOCaaS) solutions are a cohesive and scalable approach to cyber security that evolves as the threat landscape changes. Working as an extension of in-house teams, SOCaaS makes it fast and easy for organisations of any size to deploy world-class security operations that continually guard against attacks in an efficient and sustainable way.

Rob Smith is CTO with cloud services provider Creative ITC

You Might Also Read:

Why A Managed Security Service Provider Should Be On Your Cyber Roadmap:

 

« Protecting Medical Devices From Cyber Attacks
Ukraine Knocks Out A Russian Bot Network »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

Rentalworks

Rentalworks

Rentalworks is a leading provider of Internet-of-Things (IoT) Asset Lifecycle Management Services including secure data erasure and disposal.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

PT Kubus Hitam Indonesia

PT Kubus Hitam Indonesia

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.