Cybercriminals continue to become more sophisticated and will take any opportunity—especially a global pandemic—to do their dirty work. In its Digital Defense Report, Microsoft notes the growth in identity-based and ransomware incidents and the expansion and evolution of internet of things (IoT) threats.
Much is at stake because when bad actors penetrate networks and hijack accounts, they can access potentially priceless data, harm reputations and bring businesses to a halt. This gives all organizations good reason to take steps to protect themselves from such threats.
Yet most organizations are not cybersecurity experts. That’s why many enterprises today use—or are considering engaging with—managed detection and response (MDR) providers. The COVID-19 pandemic has naturally increased interest in MDR, and Gartner’s Market Guide for Managed Detection and Response Services forecasts that half of enterprises will use MDR services that offer threat containment capabilities by 2025. This eWEEK Data Points article, based on industry information from Ric Longenecker, CISO of Open Systems, offers some key reasons why.
Data Point Reason No. 1: Organizations need to act more quickly to identify and respond to threats.
Most organizations consider getting outside help with cybersecurity only after experiencing an incident. Cyberattacks make companies realize they can’t handle cybersecurity alone.
Sometimes organizations get outside help in the form of a response specialist that provides remediation. But cybersecurity is not a one-and-done pursuit. You need to monitor, analyze and be able to respond to cybersecurity threats today, tomorrow and every day.
That’s why smart organizations engage with MDR providers for cybersecurity. MDR providers monitor for cyberthreats on an ongoing basis and alert enterprises when problems arise. Some organizations also work with their MDR providers to create a predefined action plan. Then the MDR provider can do remediation by containing threats on the enterprise’s behalf.
This is especially helpful when incidents occur at night, on weekends or on holidays when in-house technical staff are unavailable. Every minute a threat goes unchecked costs an organization money. Global cybercrime is poised to exceed $11 million per minute by 2021.
Data Point Reason No. 2: The remote workforce expands the threat surface.
Millions of employees stuck in their homes due to the pandemic are connecting to corporate clouds and networks via a variety of devices. In some cases, their companies have provided endpoints loaded with security software. Other endpoints are personal devices with little or no security—posing a very real threat. Cybercriminals see this as a chance to slip into corporate networks and other connected resources unnoticed.
Companies can prevent that from happening by using advanced MDR services. Leading MDR providers ingest data from multiple sources—including customers’ security stacks, endpoint and network detection response sensors, and VPN payloads—and combine that data with threat intelligence. This enables them to do context-aware analysis, make more intelligent and informed decisions, provide employees unfettered access and keep malicious actors at bay.
Rather than simply blocking recognized users attempting to log in from unknown IP addresses (which may just be different because employees are at home), a context-aware MDR service evaluates other criteria in making its decision to allow or deny access. This enables the MDR provider to determine if a login request is coming from a compliant endpoint by confirming the laptop or smartphone is a company-supplied device with the latest security updates.
Data Point Reason No. 3: Cybersecurity experts that meet your needs are hard to find, nurture and retain.
Getting the right cybersecurity talent to meet your needs is challenging. One barrier is that most cybersecurity skills are not codified, so it’s hard to identify whether a candidate has the precise skills you need. Certifications can be valuable, but they don’t necessarily ensure all needed skills.
A lot of cybersecurity training needs to happen on the job. A good cybersecurity expert must see the big picture and understand technical security fundamentals. This is essential for cybersecurity experts to progress in their careers, which is key to retaining this talent.
Businesses also need cybersecurity experts who can communicate and collaborate with others. The most important CISO skill right now is board-level communication. Cybersecurity leaders who understand the global risk picture can leave the actual in-the-weeds security to other team members or to their cybersecurity service provider partners.
Data Point Reason No. 4: It takes too much time and money to get in-house SOCs up and running.
Monitoring for, identifying and acting on threats require a security operations center (SOC). But building and staffing an SOC is not easy. It takes the average organization one to two years to build one. And the average SOC analyst takes six months to a year to become truly effective.
Many businesses are hesitant to take one to two years to completely build out SOC teams. Also, few companies have the budgets to hire the needed cybersecurity talent. Cybersecurity analyst salaries, a 2019 study said, fall between $90,000 and $160,000. And a 2018 report indicated that the national average salary for a cybersecurity engineer is $138,962.
Building an in-house SOC is like taking on a big infrastructure project. It will very likely take you twice the amount of time and three times the budget that you had originally planned for. A better approach is to work with an experienced MDR provider with the talent, tools and technology needed to monitor enterprise IT environments and contain threats as needed.
Veteran MDR providers have expertise in forensics and incident response and the platforms to do monitoring, ticketing and analysis. And their DevSecOps engineers and cybersecurity analysts can look at alerts, use context to understand what’s really happening and—when appropriate and authorized by the enterprises that they serve—act to contain cyberthreats.
Data Point Reason No. 5: Businesses and other organizations want to lower their liability.
Working with an MDR provider also enables organizations to lower their liability. Some MDR providers offer warranties against their services. Others have such good reputations and strong service-level agreements (SLAs) that businesses using these MDR providers can leverage their partnerships with these industry leaders to get lower rates on their cyber insurance.
If a person needs home insurance and buys a home alarm, their premium may go down because now there’s a control in place. If a business needs cyber insurance and can demonstrate that it has a compliance program or certifications—even if it’s through an MDR provider partner—that organization may be able to get a better rate. Organizations that work with MDR providers also can show they did due diligence if a cybersecurity event occurs.
Cyberthreats are only growing in sophistication, and they continue to come at organizations at a faster rate. That’s why a growing number of progressive companies are turning to MDR providers for help. Experienced MDR providers have the talent and technologies organizations need today to better protect themselves in an increasingly uncertain world.