Re-strategising Resilience In The Remote Working Age

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Every year new cyber security technologies emerge - yet breaches continue to hit the headlines. Resource-constrained IT leaders are left wondering how to proceed. So, is cyber security actually broken?

It’s well understood that the difference between a cyber attack failing or succeeding usually depends on speed of action. But even when firms invest in the latest technologies to boost threat detection and response, breaches still occur.

All too often the problem is not because a tool failed to raise an alert, but because it was missed or ignored. Two in five UK IT teams are overwhelmed by security alerts and over half admit they’ve ignored a cyber security issue to prioritise other business activity. The surge in remote working is only exacerbating the issue. Over half of security leaders (52%) feel hard pressed to protect employees’ mobile devices.

Mind The Gap

As cyber crime increases, organisations react by adding more tools. Yet, threats still slip through the gaps. A recent survey confirmed many IT security teams are overstretched and ill-equipped. Over a quarter (27%) aren’t able to spot a real threat, and an astonishing 30% admit to not knowing how to use their security tools effectively. Tools alone are clearly not enough.

The most common causes of cyber breaches are:

Human error:  Unintentional user actions (or inactions) that cause, spread or allow a breach are estimated to account for 95% of security issues.

Infrastructure complexity:  With a growing attack surface that extends past corporate networks and firewalls to the homes of hybrid workers, defence is only as strong as the weakest link.

Lack of resources:  Overwhelmed by security alerts, stretched in-house teams covering the whole IT stack might not be able to provide 24/7 expert support.

Poor governance and training:  Watch out for employee negligence, inadequate training on new threat detection tools, weak password management, irregular patching, and unclear threat handling and escalation processes.

Budget constraints:  Too many organisations prioritise other business areas over investing sufficiently in cybersecurity. Moreover, SMB and mid-market businesses don’t have deep pockets like global players, yet they are equally in the firing line as they’re softer targets.

It’s no wonder protecting against cyber attacks can sometimes feel like a never-ending game of whack-a-mole. 

Building Expert-led Security Operations

We’ve arrived at a tipping point. It’s time to stop adding tools and complexity and start building security operations where cyber security experts are truly empowered to lead response. 

Many businesses seek to develop a robust security posture managed by in-house teams. Unfortunately, self-managed approaches often fall short in today’s sophisticated cyberthreat environment. Traditional Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems gather data, but often result in blind spots and excessive noise from false positives. A highly trained and well-resourced team is required 24/7 to manage threats effectively. 

The DIY route is now harder than ever. Organisations frequently don’t want the expense of round-the-clock cyber security experts.

Even if they do, recruitment efforts come up against the great resignation conundrum. Many security professionals are thinking about resigning due to work pressures and cancelled leave. Skilled IT candidates are in demand, tempted into new roles by multiple job offers.

Developing A More Robust Security Posture

To overcome the shortcomings of tools and lack of resources, companies are increasingly leveraging the skills of a strategic security partner. Managed security operations enable organisations to boost internal teams and ensure a more robust, proactive security posture. Combining cost-effective access to the latest technologies along with 24/7 human expertise, Security Operations Centre as-a-Service (SOCaaS) solutions provide firms with a with an immediate response to threats, and expert-led learning to strengthen resilience over time.

A good SOCaaS provider will take a two-pronged approach:

Rapid tactical response:  Seek out a provider with proven abilities to detect real threats among false alerts, and act upon them as soon as they arise. Outsourcing to a proactive frontline team armed with the latest cloud-native technologies is an effective way to boost an organisation’s threat detection and response capabilities. The best SOCaaS providers will have a dedicated 24/7 team who will act rapidly to confirm or refute the threat and collaborate with the customer until an incident is resolved.

Focus on strategic implications:  You should also look for a partner who will help to improve your security operations over the long-term. Following a resolved incident, your MSP should help you better understand the strategic implications of an attack, working with an in-house team to identify areas of improvement and support remediation efforts.

As cyber threats grow, many IT teams lack expert resources and visibility across their entire attack surface to be able to detect threats and correlate events effectively. Organisations need strategic security partners who can detect threats quickly and analyse them for root causes, along with the in-depth knowledge of the evolving landscape to provide actionable steps to improve long-term security posture. 

Managed Security Operations Centre-as-a-Service (SOCaaS) solutions are a cohesive and scalable approach to cyber security that evolves as the threat landscape changes. Working as an extension of in-house teams, SOCaaS makes it fast and easy for organisations of any size to deploy world-class security operations that continually guard against attacks in an efficient and sustainable way.

Rob Smith is CTO with cloud services provider Creative ITC

You Might Also Read:

Why A Managed Security Service Provider Should Be On Your Cyber Roadmap:

 

« Protecting Medical Devices From Cyber Attacks
Ukraine Knocks Out A Russian Bot Network »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyscale

Cyscale

Cyscale automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Sekur Private Data

Sekur Private Data

Sekur Private Data Ltd. is a Cybersecurity and Internet privacy provider of Swiss hosted solutions for secure communications and secure data management.