C-suites across all industries, from traditional finance to the latest “unicorns” emerging in the fintech industry, are facing a formidable challenge: how to protect their business and customer data against growing cyber threats. However, new research from e2e-assure has revealed that few organisations are taking full advantage of security technologies available today. Instead, they’ve become complacent in their defence practices and may be exposing themselves to increased risks without even realising it.
In this blog, I’ll be exploring some of the main cracks in current cybersecurity defence approaches, specifically around Security Operations Centres (SOCs), and the value that CISOs and ITDMs are currently getting from their internal teams and third-party providers. I’ve partnered with e2e-assure, a leading managed threat detection and response firm, as I believe in their brand. I also want to ensure you’re aware of the worrying trends that have come to light from their latest report, ‘Threat Detection 2024: Rejuvenating Cyber Defence Strategies.’ The report surveys over 500 CISOs and ITDMs responsible for cybersecurity on the challenges they face with SOCs, and its insights are not to be missed.
The Growing Gap in Cyber Defence
In 2023, cybercrime continues to loom large, with media headlines underscoring the severity of the issue. This is unsurprising considering today’s challenging business landscape. The convergence of factors such as strong inflation, a cost-of-living crisis, and low consumer confidence has led to slower than anticipated growth, global layoffs, a rise in unemployment, hiring freezes, and an increase in burnout cases. All of this takes place amidst escalating geopolitical tensions, wars, climate change impacts, energy security concerns, mounting sovereign debt, tech advancements, and a persistent threat of cyberattacks.
As a CISO or ITDM, the cyber defence challenges you face in your business couldn’t be tougher.
You know economic downturns incentivise cybercriminals. You witnessed this during the 2008 recession when the FBI reported a 22.3% growth in cybercrime, and during the COVID-19 pandemic when it surged 300%.
You know about AI advancements and, despite the gains you’ve made in defence with them, just how significant they are for attackers. As the attack surface continues to grow and attackers adapt their methods using new AI tools like generative AI, a new category of hybrid threats has emerged. This is now blurring the boundaries between cybercrime and cyber espionage, and it’s forcing a heightened focus on cyber defence to safeguard national security.
You know about tech complexities and optimisation. Like many of your peers, you’re aware that your IT architecture may be too complex or outdated to adequately protect your organisation, inadvertently creating gaps in your defence that threat actors can exploit.
You know about increasing regulation and how regulators are driving a new era of transparency and collaboration in response to escalating cyber threats. But navigating compliance is complex. You have to understand and adhere to the applicable regulations and allocate resources for them, while staying updated as those regulations evolve, finding common ground across jurisdictions, and keeping up with constantly evolving cyber threats. Remember 2021? In the USA alone, 36 states enacted new cybersecurity legislation!
You know about the skills shortage and how increasing demand for personnel, combined with your current skills gap, is putting immense pressure on existing staff, which is leading to burnout and attrition. Those who stay at your organisation, or those you outsource services to, face a higher risk of making mistakes as the workload becomes unsustainable. Headlines like ‘Survey Reveals 39% of IT Security Personnel Make Multiple Errors Leading to Data Breaches Amid Burnout Epidemic’ cause you sleepless nights of worry.
And finally, you know your board expects you to be on top of these challenges, and to reassure them confidently that their organisation is safeguarded.
Threat Detection and Response Pitfalls
But these aren’t the only risks you face as a CISO or ITDM, especially when it comes to threat detection and response. The overwhelming volume of security alerts that SOC analysts are having to deal with right now is having a detrimental effect on the efficiency and effectiveness of SOC teams and, invariably, on your organisation’s cybersecurity resilience.
For example, when your analysts or your outsourced provider’s analysts are inundated with high volumes of alerts, they can find it hard to effectively prioritise and respond to each one. This increases the risk of critical security incidents being missed or delayed, allowing potential threats to go undetected and be exploited.
Dealing with large volumes of alerts can also significantly slow down incident response times as analysts spend time sifting through false positives or low-priority alerts, leaving less time for investigating and resolving genuine security incidents promptly. Recent research suggests security analysts are actually unable to deal with 67% of the daily alerts received, with 83% reporting that alerts are false positives and not worth their time.
With a constant barrage of alerts, the likelihood of analysts developing SOC fatigue syndrome increases. This is especially risky with third-party providers. For instance, when SOC analysts become desensitised to alerts and fail to respond promptly due to the flood of notifications, some providers don’t simply hire more analysts to cope with the workload. Instead, their SOC analysts quietly disable high-volume alerting features!
Frustrations around SOC-as-a-Service
Against this backdrop, the traditional SOC has been the cornerstone of defence for many years, and it’s still one of the most popular security operations services to outsource. Opting for this smart approach not only alleviates current staffing pressures, but also grants access to specialists, advanced tools, and techniques, providing round-the-clock, year-round protection. That is, if your provider is performing.
Unfortunately, research by e2e-assure suggests that 1 in 3 CISOs and ITDMs are dissatisfied with the service they’re getting from their third-party SOC provider. They’re frustrated by the continual need to bolt on new security offerings to meet their needs, slow decision-making on alerts, reporting, and a lack of proactive measures being implemented, for example threat hunting to fine-tune alerts.
In the face of rapidly evolving cyber threats, many CISOs and ITDMs believe the traditional approach of a SOC – waiting for an alert, investigating it, and responding to it – is no longer adequate. The urgency is clear: the speed at which a cyber threat is detected is a crucial element in mitigating damage and minimising the impact on an organisation. That’s why they need their SOC provider to move from a passive defence strategy to a more intelligent, proactive, attack-disruptive model.
Yet according to e2e-assure’s report, only 14% of CISOs and ITDMs who outsource their SOCs to a third party felt their security providers were exceeding their expectations. The majority felt less confident in their provider’s ability to respond to a cyber threat within 30 minutes, and were less likely to classify their organisation as cyber resilient, compared to CISOs and ITDMs with in-house teams. In fact, only 15% felt they were resilient, compared to 24% who were managing their SOCs in-house. That’s alarming.
Furthermore, CISOs and ITDMs at mid-sized organisations appear to be getting the worst deal from their third-party SOC providers. In comparison to their peers at larger organisations, e2e-assure’s research suggests they are less likely to get agility and accountability from their providers, flexible contracts whose scope can be adapted after signing, transparent pricing, and agreed SLAs and KPIs, and more likely to bear hidden contractual charges.
Predictably, most mid-sized companies express less confidence than larger enterprises when it comes to detecting threats. A staggering 47% reported underperformance in this area, while only 22% believe they possess the necessary resilience.
The demand for outsourcing SOCs continues to be strong. With an increasing need for flexibility and agility in the face of evolving threats, CISOs and ITDMs are desperate for products and services that can be customised to meet their unique security requirements.
By embracing tailored solutions and harnessing the power of advanced technologies, real-time monitoring, and proactive threat intelligence from a competent third-party provider who is on top of issues like burnout and commercial flexibility, CISOs and ITDMs can elevate their detection capabilities and protect their assets, data, and reputation effectively.
Now I want to hear from you…
Drop me a message and tell me how you are overcoming complacency in your defence practices and fully leveraging the available security technologies to mitigate risks effectively.
Then, sign up to receive e2e-assure’s full report, ‘Threat Detection 2024: Rejuvenating Cyber Defence Strategies’. In it, you’ll discover:
- How security providers are failing medium-sized businesses.
- Why SOC-as-a-service is not delivering benefits beyond those delivered in-house.
- How the lack of threat intelligence and the need to add additional bolt-on services is slowing cyber defence capabilities.
- What is needed to remain protected from cyber threats in 2024.
Here’s the sign-up link: https://bit.ly/ThreatDetectionReportJF
Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for e2e-assure. Because your success is important to me, I only align myself with brands I believe in, and e2e-assure is one of them.