Freely subscribe to our NEWSLETTER

As cyber-attacks across the world increase, organisations will inevitably continue to spend on security tools and technologies; sometimes blinded by the latest and seemingly greatest ones. This isn’t always the answer. It is absolutely vital for organisations to go back to basics and start at the beginning. It is vital that organisations have a security strategy and roadmap, underpinned by one or more of the key security frameworks and that the majority of spending is aligned accordingly. This helps limit impulse spending and ensures the organisation is maximising budgets in line with planned and targeted security maturity. 

Also consider benchmarking versus peers, as it helps determine whether they’re budgeting enough and perhaps more importantly, in the right areas. Organisations should take a category-based approach and assign budget to the necessary areas based on company needs and consider what peers are spending on their cyber security strategies. 

As a guideline, businesses can benchmark security expenditure based on allocation per employee or proportional to annual revenue. This provides a baseline to derive the figure that the average organisation spends as a whole to protect against common cyber threats. Whilst spending levels vary significantly between interquartile ranges, it helps understand where the organisation stands on the spectrum of cyber security investment. 

Unfortunately, organisations are in an arms race with the threat actors they are facing. In an ideal world, cyber economics and spending should evolve faster than the cyber threats it’s being allocated to counter, and this should be top of the agenda for organisations as we move into 2023. 

Overcoming the cyber security skills shortage  

The age-old industry issue of skills shortage is set to continue but can begin to be mitigated. 

The challenge here takes somewhat of a ripple effect in practice. The first hurdle for many organisations is finding qualified employees to protect their critical IT systems. In reality, 39% of companies struggle with SOC staff shortages and finding qualified employees.  

The shortage of staff not only reduces the effectiveness of an organisation’s cyber security defences, but also then places a tremendous burden on small teams that are expected to process an extremely high volume of alerts, with limited access to the tools or employees necessary to do this effectively.  

The end result of understaffing is a stressful and unproductive working environment. One survey of IT and SOC decision-makers found that 51% feel their team is being overwhelmed by the volume of alerts, and 55% admit they aren’t entirely confident in their ability to prioritise and respond to them.  

The solution here will be a marriage of human resource and automation. Not only will a degree of automation increase motivation among the work force, freeing employees up to undertake the tasks that will give them higher job satisfaction and make it more likely for them to remain in that role and limit the risk of cyber burnout, it will also bridge the skills gap. 

Where skills are in short supply, automation technology can provide some help in alleviating the issue. In particular, where processes are defined and already exist within the security operations centre, it can be useful to look at repetitive tasks; those that have defined inputs and outputs. These tasks are ones that staff are spending inordinate amounts of time on repetitively. 

What will change moving forward, is accepting the next generation of cyber security resource. With over three million unfilled vacancies in the industry, organisations today need to think beyond the traditional model of what constituted a cyber security resource. Whether that be a resource that’s technically-focused or one that’s more human-focused and collaborative, it’s important to realise that not all skills fit the same profile. As is the recognition and acceptance that talent can be found from more readily transferable and cross-trainable industries. 

On a similar note, organisations will need to be more diverse and shun the unconscious bias in terms of what represents a cyber security resource, which historically may have erroneously excluded suitable profiles based on age, gender or background. Intelligent outsourcing and partnering with third party experts can also provide relief to overstretched inhouse teams. 

Getting ahead of the threat landscape  

High-profile cyber-attacks have shown that no company is too big to fall victim and only highlights the fact that many companies are still unequipped to deal with the modern cyber threat landscape, where breach prevention is becoming increasingly difficult.  

Moving into 2023 and beyond, the threats and subsequent attacks will only increase, contributed to by continuing political conflicts and the UK’s involvement as well as ongoing remote working across many businesses. 

One increasingly common approach to alleviate these risks is the rising adoption of Managed Detection and Response (MDR). With data breaches becoming more difficult to prevent, it is essential to rapidly respond to security incidents to reduce the potential impact on business continuity or data security. The most effective way to decrease incident response time is with an MDR service, which provides 24/7/365 support from a remote SOC that helps companies detect and respond to threats ASAP. 

The growing need for rapid incident response capabilities has led many organisations to start investing in MDR services. According to Gartner, by 2025, 50% of organisations will be using MDR services for threat monitoring detection and response functions that offer threat containment capabilities.  

One of the reasons for the growth in popularity of MDR solutions is their effectiveness at combating and containing emerging cyber security threats like ransomware attacks, advanced malware, insider threats, supply chain compromise, and phishing attempts. 

MDR provides enterprises with all the support they need to detect and respond to the next generation of cyber threats. Rather than paying to maintain an on-site SOC, paying a single monthly service fee and have a team of security analysts on-call to help means that security incidents can be detected, investigated, and contained, significantly reducing the chances of damaging data leaks and business-impacting downtime.