2021-02-02

The C-suite is facing a new challenge when it comes to optimizing cybersecurity. Over the past year, CEOs and CISOs have witnessed a perfect storm. Contributing forces include a greater need for strong cybersecurity in the face of heightened cybercriminal activity, a remote workforce adjusting to dispersed device protection, and a reduced budget. Indeed, a recent Kaspersky report found that the average IT security budget for enterprises in 2020 was $14 million – a drop of 26% compared to 2019’s figures.

When top management is expected to achieve heightened protection with fewer resources, it’s time to think outside the box, and outside the company.

Remote work calls for remote protection

To better protect an increasingly dispersed workforce, it is clear that simply protecting the perimeter is no longer enough. There needs to be a change in how remote devices are safeguarded, driven by the wider adoption of cloud services, VPN, privileged access management, multifactor authentication, stricter monitoring, and updated emergency protocols.

This new approach will help organizations address the short-term, COVID-driven work-from-home trend. It will also help prepare an organization to protect itself in the future, when global headquarters shift to regional offices and local offices turn into micro-offices that staff only visit on certain occasions. C-level executives can no longer consider everything going on inside the network as ‘trusted’ and the outside as ‘untrusted.’ Instead, they must prepare for a longer-term scenario where workers need the utmost protection wherever they reside. Cybersecurity assessments and certification of home workspace environments should become best practice.

Skills shortages are here to stay

Unfortunately, the above pressure points have arrived during a global cybersecurity skills shortage. At the same time, cybersecurity specialties are being split into very narrow niches such as database security, personal data protection, and network security. This presents a conflict between the industry’s general trajectory, and the resources that are available to respond right now. Simply hiring staff for each specific role may be too expensive for smaller businesses and even for larger enterprises, especially in the current climate.

Why an outsourcing model is the answer

A strategy to mitigate these challenges – remote protection, staff expertise gaps, and budget constraints – embraces a managed service-provider model. By relieving internal pressure, the C-suite can not only overcome present-day challenges, but can gain expertise and solutions that are tailored to their needs, that strengthen their cybersecurity reach, and that ultimately protect their more dispersed network.

This is why more than two-thirds (69%) of businesses are currently planning to use an MSSP model over the next 12 months, as they look to better transition business costs from CAPEX to OPEX in these constrained times. In everyday life, we use numerous consumer services to help us with tasks and challenges. Why shouldn't businesses adopt the same approach when it comes to cybersecurity?

SOCs need to draw upon external expertise to see the bigger picture

After a year in which remote working has triggered a steep rise in cyberattacks, Security Operations Center (SOC) team leads need to look deeper into their cybersecurity infrastructures and get ahead of the game. More than anything, they need to better understand the attackers themselves: what they want to do, how they plan to do it and with what tools, what the targets are, and to what extent they may have already succeeded. This is a story of strategic confrontation between two groups – attackers and security operations teams.

Stopping specific threats is no longer enough

Unfortunately, 39% of enterprise organizations have experienced a targeted cyberattack in the past year, and 28% go on to establish the link between targeted attacks and data losses. This shows that while it is important to remain aware of the latest threats in order to prevent an attack, it is not enough just to stop specific strains of malware. A wider infrastructure and culture of protection needs to be developed. To this end, deeper threat analysis, threat modelling, and a more proactive approach to threat detection and response are paramount.

An increasingly complex landscape

At present, there are numerous challenges hindering this approach. Enterprises are lacking infrastructure visibility, consistent management, technical skills, and threat intelligence – all of which were listed as challenges by between 30% and 40% of larger enterprises in a recent Kaspersky study. Additional challenges when protecting against complex incidents include an inability to detect threats among a deluge of alerts, failing to properly respond and clean up after a complex incident, and even regulatory compliance.

Essentially, overall detection accuracy and filtering capability isn’t where it needs to be, leaving systems and companies more vulnerable than ever before.

How SOC leaders should prepare

For SOC team leads, it is vital to gain summarized information on specific malefactors and to get ahead of the game. However, with 43% of security analysts confirming they do not have a clear picture of the whole company’s IT landscape at present, the answer can lie in outsourcing to vendors who can assist in these efforts. Enterprise cybersecurity leaders can use a managed detection and response service that automatically integrates and correlates threat indicator data across multiple vectors (whether endpoints, cloud, network, or email) so they can assess and respond through a single interface. Such a service can also enrich an organization’s in-house expertise with insights and second opinions from the service provider’s SOC analysts and threat intelligence. Meanwhile, response actions can be performed through a dedicated EDR solution.
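The cross-vector correlation described above is what turns a deluge of isolated alerts into a handful of incidents an analyst can triage. The following is an added example, not code from the article or from any Kaspersky product: it takes a constructed feed of endpoint, network and email alerts (all field names, hostnames and addresses are assumptions built for this illustration) and groups them into incidents wherever they share an indicator such as a domain, IP or file hash, so that one phishing mail, the DNS lookup it triggered and the resulting endpoint connection surface as a single, higher-priority case instead of three unrelated rows.

```python
"""Cross-vector indicator correlation.

Group alerts from different sensors (endpoint, network, email) into incidents
whenever they share an indicator. Alerts that pivot through a common indicator
are transitively linked, so email -> network -> endpoint chains collapse into
one incident even when the first and last alerts share nothing directly.

Added illustration; SAMPLE_ALERTS is constructed data, not real sensor output.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample feed. Field names ("vector", "indicators") are assumptions;
# addresses use documentation ranges and the reserved .example TLD.
SAMPLE_ALERTS: List[Dict] = [
    {"id": "a1", "vector": "email",
     "indicators": {"domain:invoice-portal.example"},
     "summary": "Phishing mail containing a link"},
    {"id": "a2", "vector": "network",
     "indicators": {"domain:invoice-portal.example", "ip:203.0.113.7"},
     "summary": "DNS lookup followed by outbound TLS to suspicious host"},
    {"id": "a3", "vector": "endpoint",
     "indicators": {"ip:203.0.113.7", "sha256:" + "ab" * 32},
     "summary": "Unsigned binary opened a network connection"},
    {"id": "a4", "vector": "endpoint",
     "indicators": {"sha256:" + "cd" * 32},
     "summary": "Suspicious script, no shared indicators"},
    {"id": "a5", "vector": "network",
     "indicators": {"ip:198.51.100.9"},
     "summary": "Port scan from an internal host"},
]

# Priority grows with the number of distinct vectors an incident spans:
# the same indicator seen by email, network and endpoint sensors is far more
# likely to be a real intrusion chain than a single noisy alert.
PRIORITY_BY_VECTOR_COUNT = {1: "low", 2: "medium", 3: "high"}


class _DisjointSet:
    """Union-find over alert ids and indicator strings."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(alerts: List[Dict]) -> List[Dict]:
    """Cluster alerts into incidents; highest-priority incidents come first."""
    ds = _DisjointSet()
    for alert in alerts:
        key = "alert:" + alert["id"]
        ds.find(key)  # register alerts with no indicators too
        for indicator in alert["indicators"]:
            ds.union(key, indicator)

    groups: Dict[str, List[Dict]] = defaultdict(list)
    for alert in alerts:
        groups[ds.find("alert:" + alert["id"])].append(alert)

    incidents = []
    for members in groups.values():
        members = sorted(members, key=lambda a: a["id"])
        seen: Dict[str, int] = defaultdict(int)
        for alert in members:
            for indicator in alert["indicators"]:
                seen[indicator] += 1
        # "pivots" are the indicators that actually tie two or more alerts together
        pivots = sorted(ind for ind, count in seen.items() if count > 1)
        vectors = sorted({a["vector"] for a in members})
        incidents.append({
            "alert_ids": [a["id"] for a in members],
            "vectors": vectors,
            "pivots": pivots,
            "priority": PRIORITY_BY_VECTOR_COUNT.get(len(vectors), "critical"),
        })

    incidents.sort(key=lambda i: (-len(i["vectors"]), -len(i["alert_ids"]), i["alert_ids"]))
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_ALERTS):
        print(incident["priority"].upper(), incident["alert_ids"],
              "via", ", ".join(incident["vectors"]), "pivots:", incident["pivots"])
```

Run as a script, the three linked alerts (a1, a2, a3) become one high-priority incident with the phishing domain and the 203.0.113.7 address as its pivots, while a4 and a5 remain separate low-priority items; the same structure is what a single-interface MDR console presents, whatever sensors sit behind it.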

The threat landscape is evolving, but companies don’t have to face it alone. SOC team leads should broaden their horizons to gain complementary expertise in their ongoing confrontation with attackers.

