Malicious activity is on the rise, especially with COVID-19 and many businesses transitioning to a remote workforce. During the first 100 Days of the pandemic, there was a 33.5 percent increase in cyberattacks. In corporate settings, human error accounts for more than 90 percent of security breaches. Thus, outside of the office, with limited structure and increased distractions, human error can easily run rampant, widening enterprise vulnerability.
As organizations continue to work remotely or plan their reopening strategies, their network vulnerability remains heightened. But, in the current recessionary environment, businesses cannot afford falling victim to cyberattacks. It’s critical that organizations come together with the necessary teams, tools and information to prevent attacks before they occur.
The Security operations center (SOC), a centralized team of analysts and engineers responsible for detecting, analyzing and responding to incidents, is the nucleus of an organization’s cyber resilience effort. However, this task and responsibility is often easier said than done. Below I outline the challenges that have impacted the SOC to-date, how a lack of collaboration can increase opportunities for hackers and what businesses can do to better connect their security and operations.
What Plagues the SOC? Responsibility, Increased Threats, Decreased Awareness
Cybersecurity is not, and can never be, a one department, siloed approach. The landscape is more complex than ever before – with new, intricate attacks carried out and spotted every day. In order to keep a business secure, collaboration is key.
The problem is that more often than not, collaboration is not happening, and the majority of cyber responsibilities fall to siloed SOC analysts. While CTOs, CSOs and CISOs help set the tone for cybersecurity strategy, they ultimately look to the SOC to carry out specific organizational cyber resilience tactics.
However, the SOC can only do so much, especially considering the strong level of technical expertise needed to be in one of those positions. Not to mention, in today’s remote work environment, virtual collaboration is difficult for the SOC, as they are accustomed to sitting in close proximity to other teams, like the network operation center, to share knowledge. As such, the SOC can become easily overwhelmed and siloed. This creates a variety of challenges for the team.
First, the SOC often experiences exacerbated responsibilities due to heightened threat activity and lack of employee awareness. Threat activity is changing by the day and becoming increasingly advanced. Keeping up with new and future attack vectors requires a close, tactical eye on the space. While automation can help the SOC keep a close eye on all potential threats, and react quickly, it is predictable, and thus vulnerable, itself. Threat actors can learn the patterns of a machine and target systems accordingly. Automation is helpful to the SOC, but also creates additional challenges.
Second, incidents often become overlooked due to overwhelmed analysts. Because the team is so short staffed, they can easily overlook malicious activity or fail to report incidents until hours after they occur, leaving the organization open to attack.
Blocking Threats Together: Best Practices
With all of this in mind, it’s easy to see how important the SOC is to protection. In order to keep this team of analysts supported, leaders must look to implement the following practices.
1. Listen to, and learn about, the cybersecurity landscape
Too often, cybersecurity falls to the wayside for a business leader. Regardless of whether a business keeps their SOC function in-house or outsources their team, it’s important that leadership remains in close communication with the analyst team.
Business leaders should first outline key metrics for their SOC to work towards and look to their SOC to provide regular data-driven updates on the business’ security environment. Second, leadership should meet regularly with their SOC to stay updated on their approach and implement new ways to stay resilient that align with business growth.
2. Encourage upskilling in the SOC and across the organization
Leaders and employees have a role to play in keeping their organization protected. Business leaders should continue to inspire their SOC to learn new skills in order to stay ahead of the constantly evolving threat landscape. In addition, leadership should also work to up-level cyber skills across their entire employee roster. Employees are an organization’s first line of defense – by keeping the human firewall aware and informed, the business is better protected.
3. Implement frequent security awareness training for all
Since human error poses one of the largest threats to the business, security awareness and training is needed across all levels of the organization – from the everyday employee to the most technical SOC analyst. In order to stay vigilant, employees need to stay excited about cybersecurity, which does not happen through mundane, irregular trainings. Training should be light, humorous and easy-to-follow.
Business leaders should instead create monthly virtual sessions with employees and their SOC. Use this time as an open forum for the SOC to teach employees about the threats on the horizon. Keep things lighthearted and relatable to help tactics stick. Identify the individuals who are most vulnerable to attack and set them up for 1:1 training. With regular trainings, organizations can keep their SOC ultra-aware and employees alert.
4. Implement automation tools, sparingly
Automation can be a great benefit to any organization. It can help put employees back to work on the tasks that matter most. Leadership should help their SOC identify the right balance of automation with human efforts.
5. Keep teams connected
Given the current pandemic and remote/hybrid work environments, organizations must help their security and operations teams remain in close contact. Adopting instant messaging communication tools, scheduling video calls for teams to chat about the current threat landscape and encouraging the use of secure cloud networks all help promote a collaborative environment.
By staying closely connected with their colleagues, even virtually, the SOC can keep up with the regular flow of security ticketing, eliminate data silos and reduce potential response lag time.
Remain Connected and Committed to Resiliency
With limited manpower, low employee awareness and rising cyber threats, organizations are more vulnerable than ever to malicious activity. The SOC has an integral role to play in keeping organizations secure but they can’t do it alone. It’s essential that business leaders take the time to connect with their SOC function. By understanding the threats on the horizon, the limitations of the SOC and the vulnerabilities their employees can create, business leaders can better support their SOC to keep it running effectively and efficiently. In turn, they will ultimately keep their businesses, data and employees better protected.
- 5 Ways to Keep Your Security and Operations Teams in Lockstep - August 4, 2020