From the comfort of the Gloucester Shed—my “home office” that’s now gaining notoriety internally at Rapid7—I recently watched three colleagues speak in a webinar about the ways the world is changing around us and the relationships we have to nurture as a business community in order to navigate the inconstant world we find ourselves in. We are in strange times, indeed.
As I listened, however, I was acutely aware that while the “where” has changed, the challenges we face as an increasingly global economy are largely staying the same.
For example, Simon Parry from our partners at Development Bank of Wales spoke candidly about the challenges his organization has seen helping to get funds into small- and medium-sized enterprises in some of the most economically challenged regions of the U.K. Their goal is to ensure those fragile economies and businesses are able to return to business as usual when we emerge from this crisis.
Clearly, DevBank Wales has a very important role to play in the U.K. economy, and I imagine many other companies out there are having to navigate similar pressures.
The COVID-19 pandemic has pushed many businesses into survival mode, and the focus has been on ensuring colleagues can reach the tools they need to continue to operate. What it has also done is bring into sharp contrast the continuing challenges businesses have around cybersecurity. As Simon succinctly put it during the webinar, “The chair has changed, but the issues remain the same.”
So, what do those challenges look like, and how can businesses overcome them with managed detection and response (MDR) operations?
Talent shortage in cybersecurity
It’s old news, but still as true today as it was when it was first publicized. There are not enough people to fill the vacancies, or more accurately, to build the teams needed to maintain companies’ cybersecurity activities. Layer on top of that the competitive market for cybersecurity professionals, and we find that companies’ teams are often transient as individuals move on to face new challenges and higher wages.
Cybersecurity talent is beginning to pool around certain cities globally, typically in places with huge central government operations or great connectivity infrastructure. This means it can be difficult to attract people if you’re not in one of these specific locations. As a result, your understanding of your security posture as a business often ends up nowhere near where it should be.
24x7x365 and business continuity
First, this isn’t optional—and for good reason! This is not just a tick-box exercise to appease the compliance gods. If you create a SOC based around a Monday to Friday, nine-to-five schedule, an attacker can infiltrate, extract, or deploy what they want and be gone before your team has even discovered the incident.
If you want defenses that work, the experience should be the same on Christmas Day as it is on a rainy day in April. And to do that, you need at least 12 people focused entirely on this to ensure consistency over the course of the year. If you can’t recruit the bodies, a good SOC partner should be able to be your vigilant backstop.
Threat intelligence and global visibility of the threat landscape
Consuming and sharing threat intelligence content is a key component of any strong SOC program. Sharing tactical threat intelligence with communities requires a certain degree of maturity in both technology and processes, supported by knowledgeable people, which in turn helps drive maturity in other aspects of your incident detection and response (IDR) programs. Talk to your industry groups and your security partners to ensure you are sharing key threat information, helping your peers and industry overcome and defend against breaches more quickly.
Having a team or partner for when the inevitable happens is going to make dealing with fallout easier. Having those teams educated in the business response side of breaches as well as the technology responses—things like internal communication and brand management—will help to navigate a messy breach with more ease.
It doesn’t all have to be people, either. While we’re nowhere near security being delivered exclusively by machines, we can augment humans with security orchestration, automation, and response (SOAR) tools to ensure repeatable tasks are automated so you can get on with the interesting stuff.
I’m sure my advice isn’t new or ground-breaking, but I really enjoyed watching the discussion unfold. If you’d like to listen to the whole webinar, please follow the link below. Thanks for reading all, and stay safe out there!