April 21


Security Operations Centre – an evolution in cybersecurity

It is 2021, and the cyber threat landscape continues to evolve. In the automation arms race, both sides are rapidly innovating, with new toolsets and techniques in constant development to outsmart the other side.

The old days of inconvenience and perhaps a little reputational damage have long gone. Whilst viruses and malware still exist, today’s raiders use sophisticated automated tools to disrupt your business and cause real financial loss through lost production and direct extortion. The latest reports below underline the scale of attacks and the extortionate ransom payments demanded.

In the first quarter of 2021:

– UK organisations were subjected to almost 2,000 cyber-attacks a day, according to a Beaming study

– This equates to 172,079 cyber-attacks against businesses, with an attack every 45 seconds on average

– The fastest-growing cyber-attack is ransomware and the average payment following a ransomware attack in 2020 rocketed up 171% to $312,493 compared to $115,123 in 2019

The rewards for cybercriminals are huge. The cost of cybercrime is estimated to reach $6 trillion in 2021. To put that into context, if the profits from cybercrime were a country, it would be the third-largest in terms of GDP, after the US and China.

Automation – friend or foe

Automation was hailed as the big deterrent against cyberattacks, yet conversely, hackers are using automation to carry out far more attacks on businesses of all sizes. Big or small, it doesn’t matter: every company is under threat now. Hackers have also become more sophisticated and faster, often lurking silently for weeks or even months while laying a trail of destruction and chaos that, once it goes live, is intended to bring businesses to their knees.

The threat landscape has evolved, and businesses need to respond. They must become more proactive in how they manage their cybersecurity, because they can no longer rely on passive measures such as firewalls and anti-virus.

Who is responsible for your cybersecurity?

Responsibility for cybersecurity needs to evolve beyond sitting in the IT team alone, a team already stretched managing employees working remotely, dealing with the raft of new Brexit regulations and continuing to drive innovation for the business. Attacks come 24/7, 365 days a year, and defending against them requires being always on and super vigilant: monitoring systems and networks, looking for the smallest signs of anomalous behaviour, and rapidly evaluating and reporting when an occurrence is observed. There are too many opportunities for alerts to be missed internally, for any number of reasons, and it usually comes down to human error.

Questions to ask yourself:

  • What happens once an alert is made?
  • How is it escalated?
  • How does the team then respond?

To better understand the need for rapid response: automated tools used by hackers are now capable of taking control of a workstation and breaking into a network within 20 minutes of an employee unwittingly clicking on a phishing email. The average across all groups is less than two hours.

What the SOC should aim for – the 1/10/60 Challenge:

  • detect an attack within one minute
  • understand it in 10 minutes
  • contain it within 60 minutes

That level of speed in response capability happens when you bring SIEM (Security Information and Event Management) together with a highly trained and skilled SOAR (Security Orchestration, Automation and Response) team in a SOC. Yes, technology plays an important part in the solution; however, it also takes people with specialist skills to identify the threats and know how to react and respond in minutes.
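The 1/10/60 targets only mean something if a SOC measures itself against them on every incident. The following is an added example, not code from this post, from Digital Craftsmen or from ARMOR: a small Python script that takes the timeline of each incident (the time the intrusion began, as later established by the investigation, plus the detect, understand and contain milestones) and reports how many minutes each stage took and which stages breached their target. The incident records, their timestamps and the fixed "now" used for still-open incidents are all constructed for the example.

```python
from datetime import datetime, timedelta

# 1/10/60 targets from the post: detect within 1 minute, understand within 10,
# contain within 60. Every stage is measured from when the intrusion began.
TARGETS_MINUTES = {"detect": 1, "understand": 10, "contain": 60}

# Constructed sample data: one timeline per incident. Timestamps are naive
# ISO-8601 strings all on the same (UTC) clock; None means "not yet happened".
SAMPLE_INCIDENTS = {
    "INC-0001": {  # phishing click, handled within every target
        "intrusion":  "2021-04-21T09:00:00",
        "detect":     "2021-04-21T09:00:45",
        "understand": "2021-04-21T09:08:00",
        "contain":    "2021-04-21T09:42:00",
    },
    "INC-0002": {  # detected quickly, but triage stalled and containment was late
        "intrusion":  "2021-04-21T13:30:00",
        "detect":     "2021-04-21T13:30:50",
        "understand": "2021-04-21T13:55:00",
        "contain":    "2021-04-21T15:10:00",
    },
    "INC-0003": {  # still open: detected late, not yet understood or contained
        "intrusion":  "2021-04-21T18:00:00",
        "detect":     "2021-04-21T18:03:00",
        "understand": None,
        "contain":    None,
    },
}

# Constructed reference time used when evaluating open incidents in the sample.
FIXED_NOW = datetime(2021, 4, 22, 9, 0, 0)


def _parse(timestamp):
    return datetime.fromisoformat(timestamp)


def evaluate_incident(timeline, now=None):
    """Return minutes elapsed per stage and the list of stages that breached.

    A stage that has not happened yet is reported as None and counts as a
    breach as soon as its target has already passed at time `now`.
    """
    start = _parse(timeline["intrusion"])
    now = now or datetime.now()
    elapsed, breached = {}, []
    for stage, limit in TARGETS_MINUTES.items():
        when = timeline.get(stage)
        if when is None:
            elapsed[stage] = None
            if now - start > timedelta(minutes=limit):
                breached.append(stage)
            continue
        minutes = (_parse(when) - start).total_seconds() / 60
        elapsed[stage] = round(minutes, 2)
        if minutes > limit:
            breached.append(stage)
    return {
        "elapsed_minutes": elapsed,
        "breached": breached,
        "meets_1_10_60": not breached,
    }


def evaluate_all(incidents, now=None):
    """Evaluate every incident in a mapping of id -> timeline."""
    return {inc_id: evaluate_incident(tl, now) for inc_id, tl in incidents.items()}


if __name__ == "__main__":
    for inc_id, result in evaluate_all(SAMPLE_INCIDENTS, now=FIXED_NOW).items():
        status = "OK" if result["meets_1_10_60"] else "BREACH " + ", ".join(result["breached"])
        print(f"{inc_id}: {result['elapsed_minutes']} -> {status}")
```

In practice the `intrusion` time is the one value a SIEM cannot give you up front; it is backfilled from the investigation, which is why the "understand" stage matters: until the analyst knows where the attacker started, the detect and contain figures cannot be trusted either.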

Large companies with big budgets have set up Security Operations Centres with dedicated, highly trained and well-rehearsed teams, with each person having a specific role, as listed below.

Are all SOCs the same?

On the surface, they all promise the same elements – always-on monitoring and rapid response teams set up to identify cyber threats. Yet there are differences, and this is why the partnership Digital Craftsmen has with ARMOR is a game-changer for small to mid-sized businesses.

ARMOR is a leader in providing cybersecurity technology and a robust 24/7 alert system. Working with partners across the globe, its systems and technology are set up to monitor thousands of networks and systems, which means it is able to detect the slightest sign of an emerging threat.

Digital Craftsmen (DCL) brings its meticulously managed ISO27001 and Cyber Essentials verified team, offering a level of cybersecurity expertise second to none. DCL supports businesses as they migrate into a SOC and then brings in the extra layers of security around the business networks and systems. The rapid response on offer meets the 1/10/60 challenge, the gold-star level of industry response to any cyberattack.

Audits – security and vulnerability scans across your business network to identify potential vulnerabilities

Consultancy workshop – a deep dive into your business operations: how data is moved across your business and how it is set up across your network

Harden – hardening activities to make systems more resistant to attacks

Protect – a subset of hardening: keeping your business up to date with patches and emerging threats

Monitor – dynamic monitoring for attacks, looking for small signs of anomalous activity in the network

Respond – rapid response to the detection of an attack, dealing with issues and reporting

Do these services make the extra difference for businesses in managing their risks and cybersecurity?

Yes.

Our craftsmen are highly skilled, and their expertise is recognised in the work and consultancy carried out with larger organisations to continually optimise their cyber defences. They bring this extra knowledge to mid-sized businesses so they can also benefit from an excellent managed SOC service.

In our next SOC blog post, we look at understanding the ROI of cybersecurity, a hard thing to quantify yet essential for all businesses, as the impact of an attack can be potentially catastrophic.

In the meantime, if you’d like to speak to one of our cybersecurity specialists, we’re always open: contact us via [email protected] or call us on +44 (0)20 3745 7706.


Tags

Cyber attacks, Cyber Essentials, cybersecurity, ISO27001, Security Operations Centre, SOC
