We’re now well into 2022, and many of the trends that we saw – and predicted – at the end of 2021 are still underway. Attack volumes and cybersecurity spending continue to rise, with the average cost of a data breach having surged to $4.24 million in 2021 to reach a new 17-year high. Along with costs, breach numbers and impacts are also up. There’s little doubt that the threat landscape remains extremely challenging, even while maintaining operational continuity grows ever more important to modern digital businesses.
To take a closer look at how highly effective, pragmatic cybersecurity services can help organizations meet these challenges, we sat down with three industry experts from our team.
Matt Wilson is an Information Security Advisor with over 15 years of experience in network security, policy assessment and development, penetration testing and network assessment for clients ranging from Fortune 500 companies to small local businesses. David Menichello is Director of Advisory Services. He helps clients design, implement, and maintain information security programs that are practical, effective, commensurate with risk and aligned with business strategy. Kevin Walter also weighed in. As the Director of Security CX, he leverages his extensive experience in security operations to help clients expand their cloud presence.
In the following two-part roundtable discussion, Matt, Dave, and Kevin will talk about the current threat landscape, outsourcing trends in cybersecurity, and what organizations can do to build a robust security operations program.
Q: What are the greatest challenges that today’s security operations teams face? How did these challenges arise, and how are they evolving?
Kevin: The biggest thing that comes to mind for me is the proliferation of threats: how they’ve both evolved and multiplied. These days, you can’t go a week without hearing of an exploit or breach that’s important enough to reach the mainstream media.
Dave: I agree with that. The exploits are now being weaponized much faster, and adversaries are more sophisticated. It’s tough for security teams to keep up with this pace, which has made the need for 24×7 monitoring much more apparent. Ten years ago, you might have been able to get away with just doing simple things like log aggregation and spot checking; today, it’s a business imperative to have ongoing monitoring in real time. Response capabilities are also essential.
Matt: What I’d add to that is that security now has much more mindshare among executives. What happened during the COVD-19 pandemic only increased this. I’ve noticed much more interest among board members and in the C-suite, which is also driving investment. COVID also forced a lot of people to take a much closer look at their security infrastructure. Whereas before, people tended to assume that any architecture that was behind a firewall was safe, after COVID, there were many more questions for security operations – questions like, “How are we getting the visibility we need?” and “How can we provide security to employees regardless of where they are working?”
Q: How does this changing threat landscape impact what your clients are asking for? How does it dovetail with demand for your services?
Kevin: There’s interest in 24×7 monitoring, for sure, but another issue is that defensive tools have become more sophisticated, which means people are looking for more help managing them. We still encourage people to adopt an “assume breach” mindset and be prepared to respond quickly and effectively if they get hacked. But we also have better tools to prevent attacks like ransomware from succeeding. Corporate leaders are realizing that not only can outsourcing to a third-party provider give them an enterprise-grade security operations center (SOC) for much less money, but it’ll take significantly less time to get it up and running – and will deliver value by reducing risk that much more quickly.
Matt: Not only are boards and executives making meaningful investments, but they’re asking questions like, “What else could we be doing?” Even if they’re not technical experts, today’s leaders know enough to worry about where their blind spots are.
Dave: I’d say there’s more openness to outsourcing these capabilities to a third-party expert. Putting together an effective security program is extremely difficult, especially for small to midsize organizations. You need to assemble the right technologies, but you also need to put together a talented team that’s trained in security. And you need to establish and follow good, consistent processes. Plus, not only do you need to achieve all of this, but you need to maintain it over time. That’s tricky. Staff members want growth and career mobility, which can challenge a small security function.
Matt: Many times, organizations know that they’re not going to be able to hire and retain the right talent because they tried in the past and weren’t successful.
Dave: With the media attention that ransomware has received over the past year, executives are asking much more direct questions today, too. We hear, “How exposed are we to ransomware risk?” quite often. We’re seeing a need for narrowly-focused engagements – like ransomware exposure assessments – that can deliver immediate value by answering that question with results that are actionable. Our testing has come a long way. Today we have simulation technology so we can deploy fake “ransomware” that behaves just as an advanced persistent threat (APT) would within a network. So, clients can see how quickly it propagates, how many systems it affects, and how fast they’re able to detect it. That’s data you can act on.
Q: How does an organization know when they need help with security operations? What are some of the biggest warning signs they should look for?
Matt: Often, people come to us because they’ve identified their own inability to execute with quality. Sometimes this is for strategic functions – like our CISO Advisory Services – and other times, it’s something more tactical like vulnerability management. Sometimes it’s an issue of cost, but other times it’s a question of long-term viability. They might be able to get away with doing this on their own for a year or two, but staffing issues arise over time.
Kevin: There are four main elements we think people should consider. Two are costs – there’s the ongoing expense of staffing as well as the hardware and software costs. Then, there’s time-to-value. It can take 16 months or longer to build and deploy a SOC. Maturity is also a consideration. The maturity of your SOC can have an enormous impact on the success of your security program as a whole.
Interested in learning more about the current state of security operations? Check back next week for part two of this series. Or contact us today to set up a free consultation with an expert from our team.