At this point, you'd be hard-pressed to find an organization that doesn't prioritize cybersecurity. Data breaches are as numerous as they are diverse in tactics, and no one wants to be at the bad end of one.
The problem is, will an organization actually know if it's been breached? If it's a distributed denial-of-service attack, then they most likely will. But some attacks spread more like a difficult-to-detect cancer. Sneaky malware can live in a network undetected for weeks, months and even years, constantly on the prowl for sensitive information that might sell for a pretty penny on the Dark Web.
Given how effective these stealthy attacks have been, it may be time for a reevaluation of cybersecurity best practices, one that's a little smarter than building a bigger wall.
Organizations shouldn't have to be told that they've been hacked
For starters, federal law enforcement shouldn't have to inform businesses that they've become the victim of a data breach, and yet, this is sort of the status quo. Take, for example, the breach of Scottrade that affected 4.6 million people in October. According to the company's official release, they only learned about the incident after being notified by the FBI.
That same month, Dow Jones, parent company of The Wall Street Journal, was also breached, and also only learned of it after being notified by law enforcement. More recently, electronic toy manufacturer VTech was breached by a hacktivist, resulting in the exposure of personal data belonging to millions of parents and children. In this case, the company only became aware of the situation after the perpetrator came forward, according to Motherboard.
The glaring irony here is that most organizations are aware of the possibility of a data breach. In fact, a recent survey by NTT Com Security found that a mere 22 percent of companies feel that all of their company data is secure. To review, data breaches are happening left and right, businesses have little faith that they won't become the victim of one, and yet, so many of these breaches still go undetected. The problem, it would seem, is that too many businesses aren't looking hard enough.
Resignation to perimeter security is part of the problem
There was a time when cybersecurity was by and large a set-it-and-forget-it solution. Administrators loaded anti-virus and anti-spam software onto all of their computers and that was that. Unfortunately, too many organizations still subscribe to this antiquated methodology. As a result, many businesses have become over-reliant on perimeter defenses.
Perhaps the myopic focus on cybersecurity arises from ignorance regarding what else can be done. Organizations basically resign themselves to the notion that their data isn't safe, shrug and simply do the best they can with the resources they believe are available to them – the key word here is "believe."
More can, and must, be done to strengthen cybersecurity
What many businesses may fail to realize is that they don't have to rely entirely on the integrity of their firewalls to blockade cyberattacks, and simply cut their losses once these defenses have failed. A lot more can, and must, be done to detect cyberattacks and nip them in the bud. Traditionally, this was the realm of SIEM software, which was costly and time-consuming to deploy, which is why so many organizations passed on it.
Today, however, mid-market organizations have many more options available to them, not the least of which is a security operations center (SOC). In a SOC-as-a-service model, a dedicated security engineer constantly monitors an organization's network. This engineer keeps an eye out for suspicious or unusual activity – for example, network activity during non-business hours, or data being sent to countries the company does not do business with. In this way, the engineer supplies organizations with the knowledge they need to catch an attack early, and preempt substantial damage.
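The two signals named above (activity outside business hours, and data leaving for countries the company does not do business with) can be written as a small triage rule over outbound flow records. This is an added example, not code from the article or from any SOC vendor; the flow records, business hours, UTC offset and country list are all constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone

# Assumptions for this example (not from the article); DST is ignored.
LOCAL_TZ = timezone(timedelta(hours=-5))   # the office's UTC offset
BUSINESS_DAYS = {0, 1, 2, 3, 4}            # Monday..Friday
OPEN, CLOSE = time(8, 0), time(18, 0)      # local business hours, CLOSE exclusive
EXPECTED_COUNTRIES = {"US", "CA"}          # where the company does business

# Constructed outbound flow records; timestamps are UTC, as collectors usually log them.
FLOWS = [
    {"ts": "2024-03-04T15:30:00+00:00", "src": "10.0.4.17", "dst_country": "US", "bytes_out": 48_211},
    {"ts": "2024-03-05T07:10:00+00:00", "src": "10.0.4.22", "dst_country": "US", "bytes_out": 9_120},
    {"ts": "2024-03-05T19:45:00+00:00", "src": "10.0.4.17", "dst_country": "RO", "bytes_out": 1_204_992},
    {"ts": "2024-03-09T16:00:00+00:00", "src": "10.0.9.3", "dst_country": "BR", "bytes_out": 77_310_004},
    {"ts": "2024-03-06T22:59:59+00:00", "src": "10.0.4.30", "dst_country": "CA", "bytes_out": 512},
]

def triage(flow):
    """Return the reasons (possibly none) a flow deserves an analyst's look."""
    ts = datetime.fromisoformat(flow["ts"])
    if ts.tzinfo is None:
        # A naive timestamp would silently be read as the host's local time.
        raise ValueError("timestamp must carry a UTC offset: " + flow["ts"])
    local = ts.astimezone(LOCAL_TZ)  # judge business hours in office time, not UTC
    in_hours = local.weekday() in BUSINESS_DAYS and OPEN <= local.time() < CLOSE
    reasons = []
    if not in_hours:
        reasons.append("off_hours")
    if flow["dst_country"] not in EXPECTED_COUNTRIES:
        reasons.append("unexpected_country")
    return reasons

def review_queue(flows):
    """Flagged flows only: most reasons first, then largest transfer first."""
    flagged = [(f, triage(f)) for f in flows if triage(f)]
    return sorted(flagged, key=lambda fr: (-len(fr[1]), -fr[0]["bytes_out"]))

if __name__ == "__main__":
    for flow, reasons in review_queue(FLOWS):
        print(flow["ts"], flow["src"], flow["dst_country"], flow["bytes_out"], reasons)
```

The last record shows why the conversion matters: 22:59 UTC looks like night-time activity but is 17:59 in the assumed office time zone, so it is not flagged.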
Right up there with cybersecurity, budget is a hugely important issue for mid-market organizations. The beauty of SOC-as-a-service is that unlike traditional SIEM offerings, deployment is affordable and fast. Not to mention, in the current cyberthreat landscape, the benefits pay for themselves. Organizations will have comprehensive records of all network activity that is constantly being assessed to weed out possible threats, and can improve overall security practices.
When it comes to cybersecurity, knowledge truly is the best defense. It's time to shield your organization with SOC-as-a-service.