Workforce transformation has played a crucial role in the survival of many organisations and industries during an era of unprecedented upheaval.
Although digital transformation and upgraded security operations were a consideration for most enterprises pre-COVID-19, the impact of the pandemic has driven a rapid uptake of new technology and improved security measures.
The changed business landscape and altered workforce models forced organisations to establish remote working operations. This has seen more software and security deployments in the cloud, and more devices, both company-owned and employees’ personal devices, used for work.
The recent annual State of Security Operations report from CyberRes found that there has been an increased adoption of advanced security technologies and hybrid cloud deployments, driven by the need to navigate and manage an increasingly complex and expanding attack surface due to rapid workforce transformation. In fact, 79 per cent of security operations centres (SOCs) have increased their adoption of advanced security technologies in the past year and the biggest challenge security teams face in 2021 is monitoring security across the organisation’s expanding attack surface.
Cyber resiliency in the new era
A key aspect of addressing business resiliency, securing digital transformation, and delivering an efficient, productive hybrid workforce is the ability to identify threats and reduce organisational risk. Since the first emergence of security operations in the mid-1990s, security has been improved by new technologies; however, this means that organisations may have varying states of SOC maturity based on the frameworks, technologies, and strategies adopted.
To combat cyber adversaries of the modern era, including artificial intelligence (AI)-led adversaries, SOCs need to be resilient. This includes being able to protect the business from the new era of highly intelligent, sophisticated adversaries. SOCs need to evolve into counter-adversary centres where machine capabilities such as AI, automation, and machine learning (ML) can assist in countering modern threat actors while human analysts interpret threats as needed.
The State of Security Operations report also found that 59 per cent of respondents advised that the top use case for automation, ML, and cognitive security is to improve detection of advanced threats. In Australia, 31 per cent of organisations said that improving the detection of advanced threats was one of the primary roles of these cognitive security technologies in their cyber operations.
There are four fundamental topics that SOCs need to consider:
1. Cyber resiliency. SOCs need to consider how their operational capabilities, threat models, risk, and performance metrics align with the organisation’s digital and cyber resiliency goals. These are fundamental to consider when securing the value chain.
2. Securing critical operations. SOCs must also consider critical business functions and systems. This includes the organisation’s digital supply chain and any other operations or systems that are essential to business continuation.
3. Modernising technology. To address modern threats, SOCs need to ensure they have automated tactics and procedures to counter advanced adversaries. This is where security orchestration, automation and response (SOAR), ML, automation, and AI for IT operations (AIOps) can bolster the organisation’s defences.
4. Proactive forward thinking. This requires SOCs to think ahead, beyond simply detecting and responding, to consider the recovery stage. Creating a recovery strategy will help the organisation to get back to business faster and continue operations in the event of a security breach.
How to help improve cyber resilience
Cyber resilience responsibility shouldn’t fall on security operations teams alone. There are other methods that should be considered to help improve the company’s cyber resilience.
In particular, there are two important considerations for this:
- Employee education and training
Employees play a vital role in protecting the organisation, especially from common scams and phishing attacks trying to infiltrate the organisation. From January to July this year, Australians reported more than 34,000 phishing scams and, in the same period, lost AU$9.7 million to remote access scams.
With the shift in workforce models letting employees work remotely, and with more personal devices used for work purposes, the attack surface is continuously growing. This highlights the importance of regular staff education about security protocols and what attempted breaches look like. All organisations must implement regular training to reinforce the importance of employee participation in the protection from cyber adversaries.
- Regular policy reviews
With cyber adversaries finding new ways of infiltrating organisations, cybercriminals becoming more sophisticated with attacks, and new technologies emerging, the security landscape is constantly evolving. Regular reviews for both company policies and security operations are essential to creating a cyber resilient organisation.
Organisations must ensure they are cyber resilient, equipping themselves with evolved security operations and a SOC that will proficiently protect the growing attack surface. They need to be secure from all angles to stay ahead of cyber adversaries in the transformed business environment.