Re-strategising Resilience In The Remote Working Age

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Every year new cyber security technologies emerge - yet breaches continue to hit the headlines. Resource-constrained IT leaders are left wondering how to proceed. So, is cyber security actually broken?

It’s well understood that the difference between a cyber attack failing or succeeding usually depends on speed of action. But even when firms invest in the latest technologies to boost threat detection and response, breaches still occur.

All too often the problem is not because a tool failed to raise an alert, but because it was missed or ignored. Two in five UK IT teams are overwhelmed by security alerts and over half admit they’ve ignored a cyber security issue to prioritise other business activity. The surge in remote working is only exacerbating the issue. Over half of security leaders (52%) feel hard pressed to protect employees’ mobile devices.

Mind The Gap

As cyber crime increases, organisations react by adding more tools. Yet, threats still slip through the gaps. A recent survey confirmed many IT security teams are overstretched and ill-equipped. Over a quarter (27%) aren’t able to spot a real threat, and an astonishing 30% admit to not knowing how to use their security tools effectively. Tools alone are clearly not enough.

The most common causes of cyber breaches are:

Human error:  Unintentional user actions (or inactions) that cause, spread or allow a breach are estimated to account for 95% of security issues.

Infrastructure complexity:  With a growing attack surface that extends past corporate networks and firewalls to the homes of hybrid workers, defence is only as strong as the weakest link.

Lack of resources:  Overwhelmed by security alerts, stretched in-house teams covering the whole IT stack might not be able to provide 24/7 expert support.

Poor governance and training:  Watch out for employee negligence, inadequate training on new threat detection tools, weak password management, irregular patching, and unclear threat handling and escalation processes.

Budget constraints:  Too many organisations prioritise other business areas over investing sufficiently in cybersecurity. Moreover, SMB and mid-market businesses don’t have deep pockets like global players, yet they are equally in the firing line as they’re softer targets.

It’s no wonder protecting against cyber attacks can sometimes feel like a never-ending game of whack-a-mole. 

Building Expert-led Security Operations

We’ve arrived at a tipping point. It’s time to stop adding tools and complexity and start building security operations where cyber security experts are truly empowered to lead response. 

Many businesses seek to develop a robust security posture managed by in-house teams. Unfortunately, self-managed approaches often fall short in today’s sophisticated cyberthreat environment. Traditional Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems gather data, but often result in blind spots and excessive noise from false positives. A highly trained and well-resourced team is required 24/7 to manage threats effectively. 

The DIY route is now harder than ever. Organisations frequently don’t want the expense of round-the-clock cyber security experts.

Even if they do, recruitment efforts come up against the great resignation conundrum. Many security professionals are thinking about resigning due to work pressures and cancelled leave. Skilled IT candidates are in demand, tempted into new roles by multiple job offers.

Developing A More Robust Security Posture

To overcome the shortcomings of tools and lack of resources, companies are increasingly leveraging the skills of a strategic security partner. Managed security operations enable organisations to boost internal teams and ensure a more robust, proactive security posture. Combining cost-effective access to the latest technologies along with 24/7 human expertise, Security Operations Centre as-a-Service (SOCaaS) solutions provide firms with a with an immediate response to threats, and expert-led learning to strengthen resilience over time.

A good SOCaaS provider will take a two-pronged approach:

Rapid tactical response:  Seek out a provider with proven abilities to detect real threats among false alerts, and act upon them as soon as they arise. Outsourcing to a proactive frontline team armed with the latest cloud-native technologies is an effective way to boost an organisation’s threat detection and response capabilities. The best SOCaaS providers will have a dedicated 24/7 team who will act rapidly to confirm or refute the threat and collaborate with the customer until an incident is resolved.

Focus on strategic implications:  You should also look for a partner who will help to improve your security operations over the long-term. Following a resolved incident, your MSP should help you better understand the strategic implications of an attack, working with an in-house team to identify areas of improvement and support remediation efforts.

As cyber threats grow, many IT teams lack expert resources and visibility across their entire attack surface to be able to detect threats and correlate events effectively. Organisations need strategic security partners who can detect threats quickly and analyse them for root causes, along with the in-depth knowledge of the evolving landscape to provide actionable steps to improve long-term security posture. 

Managed Security Operations Centre-as-a-Service (SOCaaS) solutions are a cohesive and scalable approach to cyber security that evolves as the threat landscape changes. Working as an extension of in-house teams, SOCaaS makes it fast and easy for organisations of any size to deploy world-class security operations that continually guard against attacks in an efficient and sustainable way.

Rob Smith is CTO with cloud services provider Creative ITC

You Might Also Read:

Why A Managed Security Service Provider Should Be On Your Cyber Roadmap:

 

« Protecting Medical Devices From Cyber Attacks
Ukraine Knocks Out A Russian Bot Network »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

OwnBackup

OwnBackup

OwnBackup proactively prevents you from losing mission-critical data and metadata with automated backups and rapid, stress-free recovery.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Druva

Druva

Druva is the industry’s leading SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10m guarantee.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

Reclaim Security

Reclaim Security

Reclaim Security is your always-on force multiplier, empowering security teams to eliminate threat exposure using your existing security stack.