Jon Pratt, CIO at 11:11 Systems, discusses cybersecurity resourcing and the benefits of Managed Security Services.
Despite a global spend of over US$130 billion on cyberdefense and thousands of vendors now active in the cybersecurity marketplace, the environment is getting worse when it comes to security risk.
The number, nature and severity of cybersecurity breaches have continued to escalate since the pandemic began. In fact, a security breach or ransomware attack has been recorded every 11 seconds so far through 2022 and 61% of organizations report at least one attack every year.
Considering this increasingly sophisticated threat landscape, modern organizations are resetting their expectations. Where legacy security tech stacks have failed to keep up with the evolving threat landscape, IT leaders are continually seeking new ways to develop a stronger security posture, without having to start from scratch.
Finding the right talent to tackle this is an ongoing challenge. The continued global cyber skills shortage shows no sign of abating, as the ever-evolving threat landscape drives expectations for an increasingly broad security knowledge base and skill set.
As a result, there are now millions of positions going unfilled globally and this, in turn, is creating a huge demand, with internal staffing resources becoming prohibitively expensive.
CISOs want solutions that put their organizations into the right security posture and that will allow them to manage risk more effectively. Cyber insurance is one aspect, as it provides an extra layer of protection in the event of an attack by enabling security leaders to transfer cybersecurity risk to the insurance company.
But do cyber insurance premiums cover all ransomware attacks and are CISOs getting the gap analysis right? Given all the risk inherent in cyber insurance, meeting the requirements to obtain a policy has become increasingly difficult. On top of this, the cost of protection is trending significantly upward, rising an average of 30% year-on-year, and there are no signs of this slowing down.
Compliance and reporting are a further challenge that CISOs cannot ignore. To be certified and compliant, not only must all standards and regulations be met, but security leaders must ensure adequate and timely reporting. So how can security leaders navigate these challenges? How can they approach resourcing and what are the key technologies that will enable them to unlock best practices?
Cybersecurity frameworks and mission critical technologies
The NIST Cybersecurity Framework has been developed to guide IT security professionals in evaluating their security posture and improving their risk mitigation. This framework helps organizations to ensure that they have the right systems to provide an adequately robust approach to cybersecurity.
It covers five actionable risk management strategies: ‘identifying’, ‘protecting’, ‘detecting’, ‘responding’ and ‘recovering’ from a cybersecurity attack.
No matter where the end-user is, vulnerabilities exist. Tens of thousands of new vulnerabilities are posted per year, or approximately 55 every day. While in-house IT teams can only solve some of these, around 5% pose a real risk – those that can be remotely exploited and have already been weaponized.
It is critical to assess, prioritize and remediate the most important risks to the network and business with Continuous Risk Scanning, which provides a view of all assets that exist within a network environment and advises teams to focus on the vulnerabilities that most put those assets at risk.
With the explosion in distributed networks, data today lives everywhere. Enabling secure connectivity and managing it ‘where it exists’ – across multiple sources and devices – is part of the challenge. Security professionals often do not have the time to prioritize network security, yet these environments change constantly and require real-time analysis and augmentation.
Managed firewalls relieve security professionals from having to maintain the rule sets at the entry point to the network, while also providing the benefit of lessons learned from a broader set of organizations.
Even more critical to ensuring network security, CISOs need the intelligence in the network to look more holistically at the behavior of the traffic, incorporating different data sources and automatically identifying what is good and bad traffic.
From here, appropriate technologies must be employed, such as intrusion prevention, network anti-virus and SD-WAN, to provide safety to all users in real-time and ensure seamless secure connectivity.
Today, organizations have more apps, more data, more locations and more remote users than ever before. Alert fatigue is a real problem, assuming every element is even being monitored. Millions of daily notifications warn of potential security dangers and, while some can be discarded, others must be acted on immediately.
Managed SIEM solutions enable security professionals to log cyberattack events and to cross-analyze and aggregate the details into an actionable format. They enable CISOs to react quickly, and to provide value during the heat of the incident, at the very time it’s needed, identifying how the security breach happened and how to prevent it from doing more damage.
When we think about response, we are really talking about Managed Endpoint Detection and Response (EDR) providing next-generation endpoint security that can quickly identify and stop abnormal behaviors. Cybercrime is becoming more sophisticated and attack vectors are everywhere, particularly since the move to remote working.
The end-user is the biggest vulnerability in any network environment and education is important. But the risk still exists, no matter how much training is given, and it is critical to proactively protect the endpoint every single day.
Unplanned downtime can result in irrecoverable, long-term damage to the organization, customers and reputation. The impact of a disaster event can include revenue loss, customer churn and – in a worst-case scenario – the inability to continue business operations.
Here, recovery requires proactive data backup and replication. Secure Cloud Backup delivers easy and cost-effective offsite data backup to achieve 3-2-1 protection best practices. The service provides a reliable safety net for a range of data loss events including malicious or accidental deletions, hardware failures and cybercrime.
Additionally, Disaster Recovery-as-a-Service (DRaaS) can combine the right people, processes and technology to prepare the business for disaster events and ensure a quick and successful recovery.
Improving defenses with Managed Security Services Providers (MSSP)
Given the complexity, severity and 24/7 nature of the evolving threat landscape, the increasing need to meet compliance requirements, and the costs and limitations of in-house resources, the right MSSP can offer CISOs a great solution to address their need for affordable and trustworthy protection from cybercrime.
The global managed security services market is predicted to reach US$356.24 billion by 2025, so it’s clear that more security professionals than ever are turning to MSSP solutions to bolster their defenses.
Not only do they enable access to a team of dedicated security experts and the very latest technologies, but they also deliver benefits such as cost savings, compliance and risk mitigation, scalability, and access to innovative technologies.
These specialist support teams address all organizational security needs, with dedicated teams, state-of-the-art technology, facilities and processes that monitor and manage the simplest to the most complex of security incidents.
Many will provide organizations with help in developing a continuous improvement process to protect their business as the threat landscape continues to evolve. They also factor in business impact analysis and use prioritization methodology to identify and focus on resolving those that matter most to the organization.