“Cyber Security sounds complicated, but it doesn’t have to be”
Cyber-attacks continue to grow in sophistication. With hackers using an ever-expanding variety of tactics and techniques, organisations find themselves continually playing catch-up.
Organisations' infosec models are woefully under-resourced and underfunded, and lack the correct security infrastructure. Add to this some inherent security problems, such as:
- Inadequate infosec policies & procedures
- Lack of data/security compliance
- Little or no security awareness training
- Departmental controls
- Untested security controls and procedures
- Confusion between compliance and cybersecurity
- Internal bureaucracy
To compound the problem even further, the security experts we rely on to address some of these problems and help create a resilient security posture are simply few and far between.
The cyber security skills shortage has been going on for years, even though there are a lot of worthwhile industry and academic programs in place to address the issue. Research from ESG and ISSA shows that the cybersecurity skills shortage is getting incrementally worse each year.
The cyber security skills shortage affects 74% of all organisations and now represents an existential threat to all of us. It is now seen as one of the biggest risks to our cyber security resilience.
The aim of any good infosec model is to develop an integrated and intelligent approach to securing your information technology environment. Only effective cyber security models reduce the risk of cyber-attacks and protect against the unauthorised exploitation of systems, networks and technologies.
The principles the infosec model is founded on (including network security infrastructure, governance and testing) are underpinned by people. A good progressive model should consist of technologies, processes and controls supported by a team of security experts who constantly review, examine, update, certify and train.
“Every employee should be aware of their role in preventing and reducing cyber threats, to mitigate and respond to cyber-attacks effectively.”
In a survey conducted by IBM in September 2020 (https://www.ibm.com/au-en/security/data-breach), they report that 52% of data breaches are caused by malicious attacks; this now represents the most common cause of data breaches. They also reported that on average it takes organisations up to 280 days to detect a breach.
Even though many technologies and processes exist today which help reduce the impact of these types of attacks, these breaches are on the increase due to poor execution and mismanagement of infosec models.
The three most common types of malicious attacks are compromised credentials, cloud misconfigurations, and vulnerabilities in third-party software. By creating a security model that focuses technology and processes on these three categories, you could reduce the impact of the majority of malicious attacks.
However, with the lack of cyber experts available, creating and, more importantly, maintaining an infosec model can prove to be difficult.
Cyber Security as a Service (CSaaS) goes a long way towards creating a robust and well-resourced model. A CSaaS platform creates automation, helps infosec engineers to “autorun” repetitive tasks, monitor their networks and detect attacks in real time, and ensures that processes and procedures are leveraged. The IBM survey reported that for those who fully deployed automation and have effective incident response, the cost of a data breach was reduced by 50%. The average cost of a data breach is just over £3m.
“One way to overcome the skill shortage is to share the experts, or in other terms outsource your core security infrastructure.”
The iMonitor Response
iMonitor’s Cyber Security as a Service platform ensures organisations maintain a well-resourced, technology and service driven solution.
Our CSaaS, powered by IBM technology, provides organisations with all the key elements to build a robust, cost-effective infosec model. Our augmented approach works in union with your security experts to tailor-make a security posture that works for you.
iMonitor security experts are constantly monitoring unusual behaviour on your systems, warning you of threats and keeping your systems patched, compliant and backed up.
Our CSaaS offer is tailored for your unique requirements – whether you host content in private or public clouds, in a hybrid or in legacy on-premises systems.
“Our CSaaS model is built on the principle of identification, protection, detection, response, and recovery.”
Find out more about the IBM best-of-breed technologies Resilient, i2 and QRadar.
From compliance and policy review to red-teaming and BigFix solutions, our comprehensive set of cyber services provides all the tools and expertise for you to build a robust information security model.
ABOUT THE AUTHOR
Raj Mehli is the Senior Business Consultant (Security Practice) at iMonitor.
He is known as a thought leader and trusted advisor within the IT industry and sits on various advisory councils, including with IBM. He is a high-impact executive with success in building and transforming companies across multiple industry sectors and international markets.