A recent study by Sophos, a cybersecurity services provider, found that an alarming 93% of organizations surveyed find it challenging to execute threat detection and response.
Considering the increasing number and continued sophistication of cyberattacks, it is even more concerning that, according to the study of 3,000 leaders responsible for IT/cybersecurity across 14 countries, only 48% of alerts are investigated.
According to Ben Verschaeren, a security specialist and the senior manager for Global Solutions of Sophos, 70% of attacks against companies result in ransomware.
“The amount of ransomware that we are seeing is not decreasing at all,” said Verschaeren, who has been in the IT industry since 2002. “What we have seen an increase in over the past 12-24 months is the exfiltration of data.”
Verschaeren said organizations should be concerned about this because data exfiltration (or data theft) could mean that even if they recovered files after paying the ransom, the data could still be sitting somewhere in the attackers’ storage or, worse, already exposed online or in forums.
While threat visibility and detection have improved over the years, the skills shortage in cybersecurity is still one of the major challenges in executing a company’s cybersecurity strategies. Verschaeren pointed out that cybersecurity keeps evolving and becoming more advanced in both attacks and mitigation. Like technology itself, it is a skill set that needs upskilling as the need arises.
Cybersecurity as a Service (CaaS)
Fortifying internal cyber defenses or building an in-house Security Operations Center (SOC) can take years, and that includes the continuous upskilling of personnel. As mentioned earlier, cybersecurity is an evolving landscape, and security officers’ skills are expected to evolve with it.
The challenge and the sheer number of security incidents that need to be monitored can be overwhelming, especially for large organizations.
According to the Sophos report, investigating and responding to advanced cyberthreats is a specialist skill, and providing 24/7 coverage would require a minimum of five or six people. Because of the skills shortage, many organizations are looking to external experts for support, with 44% of respondents planning to start working with a Managed Detection and Response (MDR) provider within the next 12 months.
Verschaeren noted that while Sophos usually looks at small and medium businesses with fewer than 5,000 users, he is seeing a trend of large enterprises starting to use its services to provide additional human resources.
“Our clients outsource Sophos MDR as a way to augment their security strategies, which is more cost-efficient than hiring additional personnel,” said Verschaeren. “MDR gives them another level of visibility. If their SOC misses a security incident, the MDR may be able to detect it.”
Verschaeren emphasized that organizations don’t really have to look at a full replacement of their security solutions (or even scrapping their SOC). CaaS can augment an internal SOC and lift a significant amount of the burden and cost of cybersecurity strategies.
“This trend of (subscribing) to Cybersecurity as a Service — and using solutions like MDR — is gaining traction and becoming more popular because it gives human resources that are skilled working in cybersecurity every day,” Verschaeren said.
Sophos leverages telemetry and information coming in from every endpoint. Security teams from Sophos Labs analyze threats every day, which gives them a significant amount of data and allows them to quickly identify abnormal or malicious activity.
“Having that intelligence to check against all of our customers ensures a greater level of protection,” Verschaeren said.
An internal SOC would need to purchase and pay for threat intelligence that may or may not be relevant to its organization. Added to the budget would be security researchers to conduct malware and threat analysis. Outsourcing to CaaS gives these organizations a multitude of experts who would do all of the tasks mentioned.
Installing outsourced CaaS could take only a few days, depending on the size of the organization and the data that needs to be secured. It also provides a round-the-clock monitoring operation.
Verschaeren said after launching its MDR service a couple of years ago, Sophos has exceeded 15,000 customers globally. He also noted “a new area of startups coming to market that are just outsourcing security operations centers.”
“We have seen a slowdown of other security startups but we are suddenly seeing this increase in vendors trying to come to market because, at the moment, that is what people are buying and looking for,” Verschaeren said.