Managing an organization’s cybersecurity has traditionally depended on the skills and knowledge of select smart people utilizing great technology tools to detect and respond to potential threats as they are identified. As threats increase in both volume and sophistication, however, SecOps professionals have come to realize that their personal smarts, hard work, and existing tools may not be enough to keep their heads above water. Working smarter, not harder, and utilizing tools that expand the efficiency of resources is paramount to staying ahead of the threat.
Secureworks® is well-aware of the strain that SecOps teams are under. That’s why we’re so focused on helping SecOps teams do as much as they can with what they have—and, wherever possible, helping them figure out ways to get more for their security investment.
To better understand how Secureworks believes you can achieve these twin goals of better resourcing and improved operational efficiency, Professor Sally Eaves recently had a conversation with Lisa Washburn, Senior Director of Product Management at Secureworks. We invite you to listen to the podcast interview featured on the Tomorrow’s Tech Today website, which covers the spectrum of challenges organizations are facing in today’s threat landscape.
Pressed for time? Here’s a brief overview of the broader discussion:
Why We Are Stressed
Above and beyond the mounting intensity of the attacks we face, Washburn cited five factors that push cybersecurity teams to focus more on their resource gaps, especially when it comes to SecOps solutions.
- The talent shortage: Organizations are only able to fill about 68 percent of their open cybersecurity positions. That means a mid-sized enterprise that really needs 4-6 people staffing its cybersecurity team to provide 24x7 coverage is often forced to operate with only 3-4 professionals handling an expanding load of alerts and concerns.
- Expanding purview: SecOps teams must maintain visibility into expanding and increasingly diverse digital environments that include growing networks, multiple clouds, large numbers of endpoints, and user identities logging on from a wider range of remote locations.
- Bigger toolkits: To safeguard their growing environments more effectively, SecOps teams are using more SecOps solutions—or, in more efficient SOCs, broader sets of tool features and functionalities. Managing all that technology places more demands on their limited time.
- Alert fatigue: As teams keep a closer eye on a larger environment, they get a lot more data popping up on their dashboards. A high alert volume engenders cognitive fatigue and can undermine team morale, as well as the ability to focus on the most urgent risks.
- Response pressures: It’s not enough to keep an eye on everything. When an active threat does rear its ugly head, security teams must respond quickly—because the slower their response, the greater the likelihood that the business will suffer adverse consequences. But it’s hard to respond quickly when your resources are already stretched thin.
What Can We Do?
During the interview, Washburn gave a brief overview of the various measures teams can take to optimize their SecOps solutions’ performance. These include foundational preventive measures such as diligent patching, deployment of antivirus and intrusion detection, tapping into the best available source of threat intelligence, and ensuring that cyber threats are included as part of any business continuity planning and testing that the organization conducts. She also highlighted some steps SecOps teams can take so they don’t carry the entire burden of their organization’s cybersecurity themselves. Those steps include:
- Getting other IT/data teams to build security into their work-product. It takes a lot more resources to secure digital assets “after the fact” in production than it does to make them inherently secure in the design-and-development phase. SecOps teams can ease this burden by promoting a security-first mindset across all peer disciplines.
- Promoting digital hygiene for all employees. SecOps will have fewer messes to clean up if technology users across the company exercise appropriate caution—especially when it comes to email and social engineering.
- Vetting suppliers. Every decision by every employee across the company to engage with a new supplier, contractor, or partner can expose the organization to additional cyber risk. All such engagements should therefore be subject to some form of appropriate security-related vetting.
- Integrate cybersecurity with the organization’s broader GRC strategy. SecOps can get a lot of support—and potentially leverage budget resources other than its own—if it works in closer partnership with leaders of their organization’s overall governance, risk, and compliance efforts. This is especially true in industries such as finance and healthcare, where information protections have broader legal and regulatory implications for the company.
This last point relates to what may have been Washburn’s most important high-level message during the interview: Cybersecurity needs to be re-positioned from an unfortunately necessary cost center to a strategic investment in brand trust. Brand recognition and trust is an increasingly powerful competitive differentiator in a marketplace that doesn’t universally inspire buyers’ confidence.
“Security spend can be a business enabler,” Washburn said. “The ability to demonstrate security due diligence is something that can actually differentiate a company in the eyes of its prospective customers, partners, and investors.”
Any SecOps team looking to optimize its resource-efficiency can always turn to Secureworks for a bit of outside help by leveraging our cloud-native cybersecurity platform Taegis™ for more holistic threat prevention, detection, and response. To read how organizations have driven measurable security outcomes to the points in Washburn’s podcast, you can download Forrester’s Total Economic Impact study, which identifies key value points most organizations experience when investing in XDR.
You Might Also Like
- Tags:
- Blog