Author: Rick Jones, CEO, DigitalXRAID
The White House recently described the approach needed to tackle security threats to businesses and critical infrastructure as a “whole of nation” effort. It was meant to convey the fact that government alone cannot do all the heavy lifting—that multiple stakeholders from across industry and internet users themselves have a responsibility to do the right thing. The same is true at an enterprise level. To mitigate surging cyber risk, under-staffed and under pressure security teams cannot shoulder the burden alone. They need help from external experts and their own employees to mount an effective response.
Fortunately, there are plenty of options available—to improve threat detection and response, build enhanced technical resilience and turn staff members into a formidable first line of defense.
The story so far
The cyber threats facing organizations today have not changed a great deal from those we saw before the pandemic. The difference is where they are targeted. The number of people working remotely during 2020 doubled from the previous year as businesses scrambled to protect staff and comply with government orders. But threat actors reacted quicker. They targeted phishing emails at distracted remote workers, probed for vulnerabilities in insecure laptops and VPNs, and hijacked remote desktop protocol (RDP) machines protected by weak or previously breached passwords. They stole data, installed ransomware, defrauded customers and much else besides.
Also Read: Top 3 Significant Barriers to Monitoring and Minimizing DCS Cybersecurity Risk
IT security departments were ill-prepared to cope with this onslaught. The industry has been suffering from major skills shortages and gaps for years, and with teams hit by absence and illness and forced to work remotely, their effectiveness was blunted. This hit every aspect of the security function, but especially detection and response. With a multitrillion-pound cybercrime economy at their disposal, the bad guys are finding it increasingly easy to infiltrate enterprise networks. It’s being able to rapidly spot their activity once inside that separates successful organizations from the rest.
Unfortunately, most organizations are still failing. It took 287 days on average for global firms to identify and contain a data breach last year. The longer they’re left inside networks, the bigger the fallout. In the UK, nearly two-thirds of mid-sized (65%) and large (64%) businesses suffered a breach last year, and losses to cybercrime and fraud continue to mount as a result: in the first half of 2021 they hit £1.3bn. Although this figure also included incidents affecting individuals, it’s a staggering amount that highlights the need for a proactive, company-wide approach to cybersecurity.
Looking outwards
For IT departments struggling to manage the impact of these trends, there are alternatives to the status quo. Security operations (SecOps) teams are an invaluable part of any security strategy, but it can be a challenge to recruit and retain the talent needed to staff them. That’s when an outsourced Security Operations Centre (SOC) proves to be a SMART investment. With skills shortages numbering over 27,000 professionals in the UK, and budgets as tight as ever, managed SOCs offer the best of both worlds. That means a 24/7/365 expert team always on call and ready to deal with inbound threats, but no ongoing staffing costs to manage.
Even better, your organization will benefit from the visibility these outsourced teams have into the broader threat landscape, across other customer environments. As well as prioritizing emerging threats to keep the organization safe, the intelligence they collect can be used to understand where the most critical security gaps are in the organization. Whether it’s an unpatched vulnerability or a misconfigured RDP endpoint, these can be mitigated to build resilience going forward. And the same data can be used by outsourced penetration testing teams to continually check for new bugs and gaps.
Also Read: Why Mergers and Acquisitions Boom Might Be a Data Security Disaster
Building a security-first culture
Perhaps the most important part of an enterprise security strategy is the culture that wraps around it. It’s also the hardest thing to get right. Humans are fallible creatures. We’re prone to get distracted, make mistakes and do the wrong thing from time to time. From a security perspective, these mistakes could have a catastrophic impact—88% of breaches have been traced back to human error. But the good news is that we’re also creatures of habit. Learn the good ones, and these can help to build a stronger security-centric culture with people at its heart.
So where do you start? Training and awareness programs are a great first step. They should make use of phishing simulation platforms that can be used to automatically test employees against the latest scams and feedback on how they’re performing. These exercises should be run little and often, to reinforce good behaviors and get security front-of-mind. Remember also to include everyone from the CEO down to temps and contractors. Anyone with network access is a potential insider risk. IT leaders should also take time out to explain to employees the potential impact of their decisions. A misplaced click leading to a serious breach could even result in job losses down the line if it has a big enough reputational and financial impact on the organization.
For enterprises on a budget, there are plenty of courses available free-of-charge, albeit with limited functionality. Also consider reaching out to expert third parties for tailored help and advice. The bottom line is we’re all working against a common adversary. Regaining the initiative against these cyber-criminals will require not just a “whole of company” but a “whole of industry” response.
For more such updates follow us on Google News ITsecuritywire News