April 21


Security Operations Centre – an evolution in cybersecurity

It is 2021 and the cyber threat landscape continues to evolve. In an automation arms race, both sides are rapidly innovating, with new tool sets and techniques in constant development to outsmart the other.

The old days of inconvenience and perhaps a little reputational damage have long gone. Whilst viruses and malware still exist, today’s raiders use sophisticated automated tools to disrupt your business and cause real financial loss through lost production and direct extortion. The latest reports below underline the scale of attacks and extortionate ransom payments demanded.

In the first quarter of 2021:

- UK organisations were subjected to almost 2,000 cyber-attacks a day, according to a Beaming study

- This equates to 172,079 cyber-attacks against businesses, or one attack every 45 seconds on average

- The fastest growing cyber-attack is ransomware and the average payment following a ransomware attack in 2020 rocketed up 171% to $312,493 compared to $115,123 in 2019

The rewards for cybercriminals are huge. The global cost of cybercrime is estimated to reach $6 trillion in 2021. To put that into context, if the profits from cybercrime were a country, it would be the third largest in terms of GDP after the US and China.

Automation – friend or foe

Automation was hailed as the big deterrent against cyberattacks, yet conversely, hackers are using automation to carry out far more attacks on businesses of all sizes. Big or small, it doesn't matter: every company is under threat now. Hackers have also become more sophisticated, faster and subtler, often lurking for weeks or even months, silently laying a trail of destruction and chaos that, once it goes live, is intended to bring businesses to their knees.

The threat landscape has evolved, and businesses need to adapt just as much. They must become more proactive in how they manage their cybersecurity, as they can no longer rely on passive measures such as firewalls and anti-virus alone.

Who is responsible for your cybersecurity?

The responsibility for cybersecurity can no longer sit with the IT team alone, who are already stretched managing employees working remotely, getting up to speed with the raft of new Brexit regulations and continuing to drive innovation for the business. Attacks come 24/7, 365 days a year, and defending against them requires being always on and super vigilant in monitoring systems and networks, looking for the smallest traces of anomalous behaviour and rapidly evaluating and reporting when an occurrence is observed. Internally there are too many opportunities for alerts to be missed for any number of reasons, and it's usually down to human error.

Questions to ask yourself are:

  • What happens once an alert is made?
  • How is it escalated?
  • How does the team then respond?

To better understand the need for rapid response: automated tools used by hackers are now capable of taking control of a workstation and breaking out into the wider network within 20 minutes of an employee unwittingly clicking on a phishing email. The average across all attacker groups is less than two hours.

The SOC businesses need is set up for the 1/10/60 challenge:

  • detect an attack within one minute
  • understand it in 10 minutes
  • contain it within 60 minutes

That level of speed in response capability happens when you bring SIEM (Security Information and Event Management) together with a highly trained and skilled SOAR (Security Orchestration, Automation and Response) team in a SOC. Yes, technology plays an important part of the solution, however it also takes people with specialist skills to identify the threats and know how to react and respond in minutes.

Large companies with big budgets have set up Security Operations Centres with dedicated, highly trained and well-rehearsed teams, with each person having a specific role.

The roles and responsibilities of a SOC team are shown below.

Are all SOCs the same? 

On the surface they all promise the same elements: always-on monitoring and rapid response teams set up to identify cyber threats. Yet there are differences, and this is why the partnership Digital Craftsmen has with ARMOR is a game changer for small to mid-sized businesses.

ARMOR is a leader in providing cybersecurity technology and a robust 24/7 alert system. Working with partners across the globe, its systems and technology are set up to monitor thousands of networks and systems, which means it is able to detect the slightest sign of an emerging threat.

Digital Craftsmen brings its meticulously managed ISO27001 and Cyber Essentials verified services, delivered by IT cybersecurity professionals whose expertise is second to none. Below is the list of services DCL provides with its SOAR team to support businesses as they migrate into a SOC, and then with the extra layers of security added around the business networks and systems. The rapid response on offer meets the 1/10/60 challenge, the gold-star level of industry response to any cyberattack.

  • Audits – security / vulnerability scans across the business network to identify potential vulnerabilities
  • Consultancy workshop – deep dive into your business operations; how data is moved across your business and how it is set up across your network
  • Harden – hardening activities to make systems more resistant to attacks
  • Protect – a subset of hardening; keeping your business up to date with patches and emerging threats
  • Monitor – dynamic monitoring for attacks, looking for small signs of anomalous activity in the network
  • Respond – rapid response to the detection of an attack, dealing with issues and reporting

Do these services make the extra difference for businesses in managing their risks and cybersecurity?

Yes.

Our craftsmen are highly skilled, and their expertise is recognised in the work and consultancy carried out with large organisations to fine-tune and continually optimise their cyber defences. They bring this extra knowledge to mid-sized businesses so they can also benefit from an excellent managed SOC service.

In our next SOC blog post we look at understanding the ROI of cybersecurity, a hard thing to quantify yet essential for all businesses, as the impact of an attack can be potentially catastrophic.

In the meantime, if you'd like to speak to one of our cybersecurity specialists, we're always open: contact us via [email protected] or call us on +44 (0)20 3745 7706.


Tags

Cyber attacks, Cyber Essentials, cybersecurity, ISO27001, Security Operations Centre, SOC
