The worst-kept secret across the global business community is that cyberattacks have been steadily increasing over the past five to ten years. The threat has grown almost exponentially since the onset of the global pandemic in March of last year. With more and more people working from home, on far less secure networks than typical workplace infrastructure, cyberattackers and bad actors of all sorts have taken full advantage of the situation.
In the first half of 2020 alone, data breaches exposed 36 billion records. Ransomware and phishing attempts detected in the second quarter of 2020 increased by 64% over the previous quarter. Even more frightening, the number of cleartext usernames and passwords found to be exposed on the dark web since March of 2020 has increased by 429%.
Faced with this onslaught of cyberattacks, organizations naturally invested heavily in a variety of cybersecurity products. Cybersecurity itself has become one of the fastest-growing industries of the past five years. There are now more than 3,000 security solutions vendors in the market, responsible for serving a $120 billion global market. While these products have done a decent job protecting organizations that would have otherwise been left vulnerable, they have also created a new problem that IT professionals now need to tackle.
The problem of alert fatigue
Another challenge facing IT departments today is that cyberattackers are becoming savvier about how and when to launch attacks for maximum success. One cybersecurity firm found that the share of attacks occurring between the hours of 8 pm and 8 am rose from 27% in the first quarter of 2020 to 35% in the following quarter. These bad actors are timing their attacks for when IT security officers are off the clock, reducing the organization's capability to respond immediately.
Tools versus operations approach
The best thing an organization can do to protect itself in 2021 is to shift its mindset from a tools approach to an operations approach. It is a matter of reframing the question from what you’ll use to how you’ll address security concerns. As an example, a tools approach might mean introducing a new element into the corporate network to beef up security, perhaps encryption software or a network monitoring tool; but adding new tools by themselves can compound the problem of alert fatigue. Although AI and machine learning can help filter alerts down to credible threats, in many cases they will not be enough to catch everything without human expertise.
In a tools-based approach, products (hardware or software) are your first line of defense. In an operations-based approach, you work backwards from the outcome you want, an improved security posture; in many cases this will mean reaching outside your organization for expertise, and possibly for tools. The problem with security tools is rarely the tools themselves. The issue lies in utilization. According to the Mandiant Security Effectiveness Report, the vast majority of tools (80%) are incredibly underutilized because of the level of management required to get the most out of them. The utilization challenge is compounded by the lack of IT resources necessary to comb through potentially tens of thousands of alerts, prioritize critical items, and then take corrective action. This is why we see many companies with an operations focus on security choosing to work with an experienced partner to help them harden security without placing undue burden on their internal IT teams.
We work with a number of partners on this type of service. As an example, Arctic Wolf offers a service in this area called Managed Detection and Response. It analyzes security alerts, whittles them down to a much more manageable number (about five to ten per month) and makes specific, timely recommendations on how to address them. It’s one thing to be alerted to security threats; it’s another to know exactly what to do to tackle them. Arctic Wolf’s service provides a course of action for attending to these security issues.
Unfortunately, finding out you have a problem and knowing what to do about it are just the tip of the cybersecurity iceberg. Compugen’s expertise comes in where a service like Arctic Wolf’s leaves off: implementing the remediation as the boots on the ground. Sometimes the lowest-intensity tasks, like network-wide security patches, represent the biggest IT undertakings once volume is factored in, and many organizations are not equipped for them. Combined, these partnerships function like a cybersecurity concierge, with Arctic Wolf providing 24x7 eyes-on-the-glass coverage and Compugen executing any required remedial action, scaled out to every device in your organization.
Perhaps the greatest case to be made for an operations approach has little to do with technology and more to do with peace of mind. Should you be hit with a cyberattack, having an external resource on standby ensures you will have a level of support beyond your internal team’s capacity and capability.
To find out more about how a security operations approach can help your organization, reach out anytime. I’d be happy to discuss it with you.