Modernising SecOps: It’s Time To Unpick The Complex Matrix

Uploaded on 2022-10-05 in TECHNOLOGY--Resilience, FREE TO VIEW

Urgent solutions to support remote and distributed workforces have fuelled transformation across the business world. In response, hackers have also upped their capabilities. 

Today, the hackers’ bag of tricks is increasingly targeted and complex, meaning awareness, vigilance, and education are vital weapons and our most critical line of defence. Every day 450,000 new pieces of malware are detected, and 3.4 billion phishing emails hit inboxes. Nearly half of organisations responding to SANS Institute's latest survey listed malware such as ransomware as a significant concern. 

Just as organisations embrace modern working and next-generation technologies, security operations must modernise, going beyond responsive defence to build in resilience through proactive protection. Modern SecOps leverages personnel, processes, and tools to promote measurable results in securing infrastructure and business processes. 

Our latest research breaks down the core priorities for today’s SecOps modernisation. In a world where cyber criminals are capitalising on business growth and ever-changing business patterns, it's time to stop hackers dead in their tracks by benchmarking SecOps status and taking proactive steps to transform it. Spanning the fundamentals of people, process, and technology, a new approach that tackles the obstacles and builds a shared framework to ensure business resilience is mission critical.  

The Perennial People Problem

61% of businesses say that staffing and workforce are their primary SecOps concern. The human factor is an ongoing challenge for SecOps, but there exists a duality. On the one hand, people have become the primary attack vector for cyber attackers; humans rather than technology now represent the most significant risk to organisations. 

To effectively manage human risk, people are also the solution. For example, security awareness professionals are vital in managing workforce education - the most mature security awareness programmes have the largest number of people dedicated to managing and supporting it. 

However, the similarly well-recognised cyber security skills crisis still rages. 62% of organisations struggle with staffing cyber roles. There are myriad reasons why this challenge persists. Data growth, technological changes, and compliance requirements make maintaining adequate cyber talent and resourcing challenging due to the complexity and cost of maintaining these capabilities. 

Retention complicates this dynamic. Where talent exists, 64% report SecOps personnel are professionals with five years or less experience. Cyber professionals will often endure the strain of SecOps work at the start of their careers, but most do not want that to define their career long-term. 

In response, many organisations are increasingly outsourcing cyber functions to distributed global and managed security service providers. However, security orchestration, automation, and response (SOAR) tools have also become standard, deployed in many security operations centres to increase the efficacy of existing staff. 

Automation Meets The Human Factor

A SecOps analyst must detect and respond to a high-severity incident within an hour. 

Staff shortages impact response times, yet the expectations of organisations to remedy issues remain high. We asked organisations what the average mean downtime they would be willing to accept during a high-severity incident, such as a ransomware attack. Nearly a quarter said they would tolerate six hours, 20% reported 24 hours, and 13% reported one hour. Stakeholder expectations of downtime don’t align with resourcing commitments. 

With this in mind, security orchestration, automation, and response (SOAR) tools that quicken response times and ensure greater accuracy can be considered part of any SecOps modernisation strategy.

The rapid evolution of technology produces more signals for a cyber analyst to evaluate, driving requirements for automation. SOAR tools help human analysts do vital SecOps work quickly and effectively by automating routine actions, resulting in fewer mistakes, while orchestration among many systems provides efficiency. Such tools empower SecOps professionals to make decisions confidently while empowering the organisation to implement limits on what any individual can do. This maintains separation of duties within compliance, policy, and legal constraints to minimise the likelihood of system damage and legal liability.

However, while SOAR is complementary to SecOps functions, it is not a silver bullet for staffing shortages. Organisations told us that incident response (34%) and automation (15%) are listed as the greatest SecOps strengths, although 30% of respondents also noted automation as one of their SecOps programme’s most significant weaknesses. These findings indicate that SOAR can increase the efficacy of existing staff but can’t replace staffing entirely.

Artificial intelligence and machine learning can boost analytical procedures and help humans scale their analytical functions but cannot replace human talent. A modern SecOps strategy will appreciate this delicate balance and weigh investment in recruitment and retention alongside essential tools and technologies. 

Realising SecOps Modernity 

There is a desperate need to mature SecOps programmes. Cyber staffing shortages are the overarching challenge - the SecOps industry cannot secure data with the available workforce, and SOAR is not a cure-all. 

 Modernisation through technology is a vital part of the modernisation matrix. Still, it is clear that much more needs to be done to close gaps in knowledge, skills, awareness, and compliance - this can be seen as the bedrock of the cyber security process. As such, knowledge is the foundation of any modernisation effort. Only once people, processes and technology are equally matched will modernisation come to fruition. 

John Davis is UK & Ireland Director at SANS Institute  

You Might Also Read:

The Cyber Delusion Challenge For Small & Medium Businesses:

 

« Lessons From The Cyber Front Line
Pivoting Customers' Mindsets For Cloud Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Swiss Cyber Storm

Swiss Cyber Storm

Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges.

Quokka

Quokka

Quokka (formerly Kryptowire) is the source for mobile security and privacy solutions, staying steps ahead of the threat and delivering peace of mind.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

Quantropi

Quantropi

Quantropi is bound to be the standard for quantum-secure data communications – forever unbreakable, no matter what.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.