FEATURE : SOC there was an increase in companies that experienced breaches of more than 1 million records , which is considered a mega breach . “ Globally , breaches of one million to 10 million records cost an average of US $ 50 million , more than 25 times the average cost of US $ 3.86 million for breaches of less than 100,000 records ,” he said .
Pierre Jacobs , Head , Cybersecurity Operations and Compliance , CyberAntix , said the biggest pitfall is to try and develop an internal SOC . “ Experienced expertise is so scarce and you can sink or swim by just the technology choices you make , before you even get to the policies and processes . Most organisations don ’ t have an asset identification and classification scheme in place which makes it difficult to develop use cases . When outsourcing , choose your partner carefully . Ask for CVs of the senior resources and check for real cyber experience , not just network security experience .”
Dimitris Raekos , Sales Director , MEA SOCRadar , pointed out that setting up your own in-house SOC is a very demanding project and a big investment . Raekos said besides deciding on the required technologies which must of course seamlessly integrate with each other , CIOs and CISOs need to consider the on-going operational cost of running and maintaining a new SOC . “ Next , you must find sufficient staff with the correct skillset and experience – without the right talent , the new SOC will not provide the expected results . While staff shortage can be mitigated to a certain extend by well-designed processes and strong process automation , budget constraints and permanent struggles to obtain funds can become a major roadblock ,” he said .
Evolving threat landscape
Lehan van den Heever , Cyber Security Advisor and Member of the Information Systems Security Association ( ISSA ), said to fight modern global cyberthreats growing at an alarming rate , a SOC must be equipped with the technologies , security intelligence and knowledge that empower it to adapt to ongoing challenges in a changing threat environment .
Van den Heever said these encompass the likes of advanced defence technologies , access to global threat intelligence , cybersecurity training , forensics , security assessments and penetrating testing to name just a few . “ With the expanding attack surface and the growing sophistication of threats , just reacting to an incident is no longer good enough . Increasingly complex environments provide attackers with a multitude of ways to execute their attacks ,” he said .
Skills in demand
Hand said in an environment fraught with growing risk , cybersecurity skills need to be addressed particularly in the current environment , when organisations are having to do more with shrinking budgets . “ The need to accelerate Digital Transformation means there have to be adequate cybersecurity skills in place to mitigate risk as they digitally transform ,” he said . “ Organisations in MEA need to look at multiple approaches to address the skills shortage . One measure would be to put security as a key topic all the way from school level through to university level . Companies could also consider introducing more short , technical cybersecurity courses , in which some basic security skills are taught without the need for advanced degrees .”
He added that industry stakeholders should also collaborate more on joint research programmes to develop Machine Learning and AI solutions that take over some of the tasks burdening cybersecurity staff today .
The required skills matrix in 2022 it is quite broad , you need great understanding of endpoints and networks , a good knowledge with tools like SIEM , SOAR , TIP , EDR , firewalls and sandboxes , but also skills like ethical hacking , reverse engineering , and forensics . What helps to become a great security analyst is empathy with attackers : What information will they look for ? How will they try to attain their goals ?
Van den Heever added that from a skills perspective , effective SOC team members must have an inquisitive mind capable of constructing an overall picture from scattered data fragments , the ability to maintain a continuous focus while withstanding high stress levels and a good general knowledge of IT and cybersecurity .
“ But whether a company is looking to fill SOC roles through external recruitment or internal promotion , finding team members with the desired skills ‘ out of the box ’ is not easy . Ongoing training is therefore essential not just to fill the gaps between current and required skillsets , but to equip team members to deal with everchanging security technologies and a continuously evolving threat environment ,” he said . p
Sheldon Hand , Data and AI , Automation and Security Business Unit Leader , IBM Southern Africa
www . intelligentcio . com INTELLIGENTCIO MIDDLE EAST 53