Why Threat Monitoring Must Be 24/7/365
Today’s organizations are improving their ability to protect against data breaches,
The Ponemon report projected the average cost of a data breach discovered within 100 days at $5.99 million. Any longer than 100 days, and that amount increases to $8.70 million. For small and medium-sized enterprises, those costs can cripple their operations.
“A breach that lingers for more than 100 days costs nearly $9 million on average.”
Businesses must do more to quickly detect threats. That makes improving continuous threat detection and response capabilities a prime necessity.
From ‘Full-Time’ to ‘All-the-Time’ Monitoring
Today’s hackers are geographically distributed, meaning their day often begins as your business prepares to close shop. This alone warrants threat monitoring capabilities that go beyond the standard 9-to-5 workday.
An enterprise typically staffs its security operations center (SOC) around the clock with security analysts who can perform alert triaging tasks and can investigate indicators of compromise after hours. If necessary, they’ll coordinate with incident responders to address elevated threats that require immediate attention. So, why can’t it wait until morning? Among the reasons are:
- Self-propagating malware: Remember the WannaCry and NotPetya ransomware? According to Cisco’s 2018 Cybersecurity Report, they pioneered a new form of malware that is “self-propagating” and expected to cause serious problems this year. Whereas most forms of malware require human involvement to instigate, “an active and unpatched workstation is all that is needed to launch a network-based ransomware campaign.” In other words, advanced, “worm-like” strains of ransomware can strike at any time, without warning, and then move laterally across the network. A ransomware crisis can literally develop overnight.
- Advanced persistent threats: The goal of an APT isn’t usually do to harm to an organization, but rather to slither inside the network undetected and remain hidden, covering their tracks. They’ll then create backdoors in the network which they can sneak data through at opportune times. For obvious reasons, it’s important to catch APTs sooner rather than later. The longer hackers maintain persistence, the more data your business loses.
For these reasons and others, waiting until morning simply isn’t an option. Indicators of compromise must be caught early, investigated swiftly and remediated expeditiously. None of this is possible without 24/7/365 threat monitoring.
A SOC for SMEs
The cost of continuous threat monitoring is more than SMEs can handle. Implementing the right security orchestration tools and configuring a security information and event management (SIEM) solution are expensive, time-consuming and complicated. Plus, hiring multiple teams of security engineers to manage those resources 24/7 adds millions of dollars to the already exorbitant tech costs. Meanwhile, the alternative – buying security solutions ad hoc and managing them during normal business hours only – is hardly sufficient given for all of the reasons mentioned here.
But that doesn’t mean SMEs need to settle for subpar cybersecurity that can’t provide continuous monitoring. In recent years, the managed-services model facilitates by cloud computing has enabled a new type of SOC called SOC-as-a-service. For a predictable subscription fee, SMEs receive continuous managed detection and response (MDR) services that are supported, at any hour of the day, by a team of security engineers.