01 Mar Roundtable Report: Cybersecurity Challenge at Breaking Point
At our recent roundtable, IT leaders from the public and private sectors came together to discuss the cybersecurity challenge. Steve Timothy, our Cybersecurity Specialist Director, unpacks the insights and shares actionable advice.
It isn’t every day IT leaders from different worlds come together for a frank conversation. But the depth of the cybersecurity challenge, and worsening economic conditions, were enough to bring even the busiest and most in-demand figures in the industry to the table for critical talks.
The need for strong cybersecurity is no new phenomenon, but cyber threats are growing in intelligence and agility. It isn’t enough to throw money at extra defences; that’s only half of the story.
Your cybersecurity strategy needs to evolve with your technology setup, employee behaviour and threat level.
We discussed overcoming alert fatigue, implementing counter-measures, solving resource issues and how to obtain comprehensive detection and response. Let’s take a look at each of those points and unpack the insights from our attendees.
Cybersecurity challenge 1: organisations are falling victim to alert fatigue and missing warning signs
Alert fatigue is real, and it doesn’t just apply to large organisations such as nuclear power plants, manufacturers, and financial institutions. When resources are stretched thin, it can be easy to miss the small details indicating that something isn’t right.
The same is true of cybersecurity. A multitude of nuanced threats exist, and it is difficult to multitask across systems and services. These cybersecurity challenges stretch an organisation’s resources and can overwhelm people, increasing the risk of human error.
Colin Lock, Cyber Security Business Manager at Ricoh, weighed in. “We regularly hear about employees stretched and bombarded with alerts. Some experience thousands in a day. In addition to their usual busy workloads, they find it a challenge to know which threats are actionable priorities.”
Attacks are evolving in sophistication. Organisations might miss the warning signs through lack of resources, training, and appropriate notification systems. This means they may not even realise they’ve been compromised until their operations are affected. At this point, it’s usually too late to update their cybersecurity measures.
With bidding and tendering coming up in the spring, getting this right is paramount. Airtight cybersecurity compliance is often a prerequisite for procurement, and governments are cracking down on the rules.
So what is the solution?
Roundtable participants agreed that a Managed Detection and Response solution (or MDR) could help with these issues. But what exactly is MDR?
What is Managed Detection and Response?
Managed Detection and Response is an outsourced package. It provides organisations with the capabilities to detect cyber-attacks, respond when they occur, and recover where necessary. This is an enhanced level of cybersecurity protection. It lifts the problem from the shoulders of IT teams and leaders, allowing them to place the responsibility with experts who are better resourced to meet the ever-evolving challenge of cybersecurity.
Cybersecurity challenge 2: organisations are relying on SOC or SIEM services alone — but more can be done.
The acronyms SOC and SIEM stand for Security Operations Centre and Security Incident Event Management, respectively. But the acronyms don’t matter as much. The key takeaway that organisations need to get right is maintaining a proactive process that both protects from and prevents threats.
SIEM platforms are expensive, need to be configured and optimised correctly and need to be maintained on an ongoing basis. This requires skills and availability often not present in the IT team.
Some businesses set up their own on-site SOC, populating it with a full-time, expert staff. However, this is expensive and resource intensive – and is only set to become more so in the current, increasingly sparse global market of IT professionals.
For example, in the UK specifically, ISC assessed that there are about 339,000 cyber professionals, up 13% year on year, but there is a shortfall of 56,811 workers, up over 70% year on year. These teams are also only available and responsive during working hours, limiting their ability to detect threats instantaneously.
Alternatively, some businesses opt to outsource operation of their SIEM platform to a third party who will oversee critical alerts.
While an outsourced SOC/SIEM service can provide valuable cybersecurity insights, it usually leaves the onus on businesses to confront the challenges identified. They are not on-site and are removed from the source of the problem. Imagine a police service fifty miles away, calling to inform you of a break-in at your house — would that make you feel safe?
Both options – insourcing and outsourcing – can provide a fragmented and incomplete approach. They both lack the comprehensive, end-to-end detection and response an MDR service can provide.
As cyber threats evolve, businesses must move beyond passive or fractured solutions to proactive, exhaustive processes.
Cybersecurity challenge 3: companies have passively relied on insurance to reimburse losses — but this is no longer enough
By 2025, the cyber insurance market will hit $14.8 billion annually. Predictions indicate cybercrime will cost the world $30 billion annually by the same date. This rise in attacks and payouts happens when companies passively rely on reimbursement rather than solving the problem at the source.
Steve Timothy, Cyber Security Specialist Director at Ricoh, said, “Insurance companies are tightening criteria. Soon it will become more difficult to recoup losses from cyberattacks. We must also emphasise the importance of optics when going through lengthy legal processes to recoup losses; organisations want to be known as stellar service providers, not remembered as victims after an attack.”
While insurance is a business essential, its value comes after the fact. It is responsive, not preventative, and it can’t recoup the loss of time or reputation once a cyberattack has compromised a company’s integrity. Expensive legal cases to recoup losses keep companies in the public eye — and not in a positive light.
In 2022, Shields Healthcare Group suffered a devastating attack that negatively affected its relationship with partnerships, hospitals, and other medical centres. In fact, using insurance to pay ransom could incentivise attackers to return; according to a 2022 IBM study, criminals attack over 80% of businesses more than once.
Cybersecurity challenge 4: employee awareness and consistent training are essential at all levels of business
Often, well-intentioned or busy employers schedule annual or bi-annual cybersecurity training, thinking doing so is enough to tick the right boxes. They make the mistake of thinking many other tasks take priority.
Technologies (and criminals!) develop and adapt very quickly. Cybercriminals also enjoy increasingly large budgets and sophisticated set-ups. Therefore, training needs to keep up.
Frequent, updated training also keeps cybersecurity a priority in employees’ minds and demonstrates that employers take it seriously, facilitating a culture of safety at every level of business.
The Solution – Managed Detection and Response
Introducing MDR delivers a significant step forward in cyber resilience in a short timeframe, mitigating the risk of alert fatigue and human error when the proper resources and structures are not in place.
Additionally, it offers comprehensive end-to-end detection and ongoing security improvement. An outsourced SOC/SIEM cannot usually provide this. With an MDR, businesses won’t have to rely on insurance if attacked (and lose money, time, and reputational value with partners).
If you’d like to learn more about what MDR can do for you, more information can be found in our eBook.
We’d like to thank all roundtable attendees for their valuable insights and contributions.