Hackers only need to find one weak point to steal valuable information. On the flip side, you need to account for every possible vulnerability across your entire infrastructure. Doesn’t seem fair, but it’s the world we live in – we must band together, think like the bad guys and take action to protect what matters.
Recent high visibility hacks, such as those at Target and Neiman Marcus, are powerful reminders that we need to outpace our adversaries, thinking beyond yesterday’s attacks to prepare for what might come tomorrow.
Fighting crime is a losing battle if the adversary is two steps ahead of the law. This certainly holds true in the world of cyber security, where the criminals are faceless and motivated by large financial rewards. How, then, can we protect ourselves?
Enter the Security Operations Center (SOC). Similar to a flight operations center, an SOC is the central control room for all things security, designed to detect and respond to breaches around the clock. The SOC is a critical component of any security strategy, but it’s only as good as the people, processes and technologies put in place to run it. This includes incorporating traditional IT operations into the mix, taking a converged approach to security that brings together existing IT monitoring practices with security operations to provide a holistic view of risk across the entire enterprise.
A recent study from the Ponemon Institute revealed that companies investing in a comprehensive SOC saw a 20 percent better ROI on their security spend. These organizations saved on average $4 million more than their SOC-less peers.
Despite the data, a lot of organizations feel putting the basics in place is sufficient. For many, it takes going through – or seeing peers go through – a high-profile, public breach involving negative publicity and lost revenue to realize the importance of a highly capable SOC and vanquish the “it’ll never happen to me” mentality. Even those industries that have the most mature defense capabilities, such as large retailers and financial institutions, are not immune. In fact, they can be bigger targets due to the volumes of valuable customer data they hold.
In a recent five-year study focused on the state of nearly 70 global Security Operations Centers across private and public sector organizations, HP found that three out of four organizations were unable to achieve basic consistency of operations, and only 30 percent of organizations that formally defined business goals and compliance requirements were able to meet them.
The study discovered that having the right people in place can make the most profound impact on the overall capability of a SOC. The human element in security operations centers is often overshadowed by an over-reliance on technology. Organizations invest more money in technology rather than staffing trained analysts with the appropriate skills to run these centers. Systems only get us so far; they cannot apply non-linear thinking to an incomplete picture to develop a reasonable hypothesis. Human analytical capacity, combined with gut instincts, is still the most effective weapon in a company’s security arsenal.
With a high demand for relevant security skills and the steady increase in compensation for experienced individuals, entities must invest in skills development and talent retention to sustain security operations. For example, HP studied the effectiveness of an SOC within a Fortune 100 company, finding the company’s steady progression in the development of key SOC staff resulted in more consistent processes and the right mix of expertise needed to conduct effective security operations.
While technology and process are important, people need to remain at the center of a successful security defense operation. Recent breaches and research continue to spotlight the lack of qualified security professionals in the information security industry.
Recent research published by the Ponemon Institute highlighted that 40 percent of all security positions are unfulfilled today. Universities cannot turn out graduates fast enough, and struggle to provide sufficient real-world experience in the classroom to fill this growing talent gap as security threats surge and organizations strive to strengthen their internal security defense teams.
SOCs must prepare for this inevitability and develop hiring pipelines through relationships with local universities, ancillary teams across the company, and industry groups. Organizations must recognize the market competitiveness of security skills and invest in talent to prevent attrition, which threatens security sustainability.
The one thing for certain is that cyber criminals will never stop learning and sharing information that enable them to probe and attack high-profile targets and intellectual property. Remember, they only have to get it right once. It’s time for organizations do the same, investing in comprehensive security operations centers by converging technology, processes and people to protect what matters.
Hackers will never stop trying to break in. Let’s just make sure we don’t hand them a key to the front door.