Ammar Enaya, Regional Director – Middle East, Turkey & North Africa (METNA) at Vectra, weighs in on the discussion on how organisations can secure their data.
Organisations are increasingly transforming into ‘digital businesses’, where almost all of their operations are conducted online – documents created, stored and edited in the cloud, communications via email, meetings held over Skype or Zoom. This has considerably expanded the attack surface for cybercriminals and at the same time, the threat landscape is continuously changing, while data privacy regulations are getting tighter.
On the flip side, businesses, particularly small and medium enterprises (SMEs), have limited time, money, people and skills with which to secure their operations. For many organisations, the convergence of these factors creates a compelling argument for pulling in expert assistance to help define, and in some cases operate, elements of a security programme.
For example, small businesses are unlikely to have the security resources or expertise in-house to perform any security operations, or perhaps even define their requirements. So these organisations will look to outsource the operation of defensive controls and rely on the security provider to alert and advise them in the case of incidents.
Medium-sized businesses have an increased security awareness and maturity and take a more active role in defining their security operations needs but look to outsource much, if not all, of their operations. Such help can be sourced from specialist value-added resellers, Managed Security Service Providers (MSSPs) or from security tool vendors as a service wrapper to augment in-house operations.
Do the security basics first and do them well. This includes perimeter security (firewalls), access controls (MFA) and endpoint controls (AV/malware defences). Don’t forget about users – they’re your biggest attack surface and first line of defence, so ensure you do regular security training with them and embed security into the business culture, rather than just seeing it as an IT or ‘technology’ issue.
Next, look to mature your security posture with detection and response, possibly threat intelligence and analytics. Using automation where possible can create new efficiencies and new ways to improve the efficacy of cyber capabilities. For example, we’re seeing increased use of AI to automate threat detection and response, and in automating some or all of the steps needed for response and remediation, to significantly reduce security analyst workload and shrink the time it takes to remediate. This can be the difference between a contained incident and a full-blown breach. Automation doesn’t replace humans though; it augments them.
If I have to leave you with one takeaway, it is that you can outsource much of the heavy lifting of security operations but the organisational learning and contextual knowledge cannot be outsourced, which is why you must not outsource ultimate responsibility for cybersecurity when you outsource your security operations. With the trend of cybercriminals looking at third-party suppliers of large enterprises as easier targets, SMEs cannot afford to underestimate their cybersecurity responsibilities.