A big challenge that organisations have faced in recent times is convincing C-level executives to invest in a solid and robust cyber security strategy. This will almost certainly continue into 2023 and, unfortunately, the battle won’t end there. Next comes the question of how much to spend on cyber security, exactly where it should be allocated, how it should be optimised, and whether to insource or outsource.
As cyber-attacks across the world increase, organisations will inevitably continue to spend on security tools and technologies, sometimes blinded by the latest and seemingly greatest ones. It is vital for organisations to go back to basics and start at the beginning: they need a security strategy and roadmap, underpinned by one or more of the key security frameworks, with most spending aligned accordingly.
Organisations should also consider benchmarking against peers, as it helps determine whether they are budgeting enough and, perhaps more importantly, in the right areas. They should take a category-based approach, assigning budgets to the necessary areas based on company needs while considering what peers are spending on their cyber security strategies.
As a guideline, businesses can benchmark security expenditure based on allocation per employee or proportional to annual revenue. This provides a baseline to derive the figure that the average organisation spends to protect against common cyber threats. Whilst spending levels vary significantly between interquartile ranges, the baseline helps an organisation understand where it stands on the spectrum of cyber security investment.
Overcoming the cyber security skills shortage
The first hurdle for many organisations is finding qualified employees to protect their critical IT systems. 39 per cent of companies struggle with SOC staff shortages and finding qualified employees.
The result of understaffing is a stressful and unproductive working environment. One survey of IT and SOC decision-makers found that 51 per cent feel their team is being overwhelmed by the volume of alerts, and 55 per cent admit they aren't entirely confident in their ability to prioritise and respond to them.
Where skills are in short supply, automation technology can help alleviate the issue. Where processes are defined and already exist within the security operations centre, it can be useful to look at repetitive tasks that have defined inputs and outputs. These are the tasks on which staff spend inordinate amounts of time, over and over.
What will change moving forward is acceptance of the next generation of cyber security resources. With over three million unfilled vacancies in the industry, organisations today need to think beyond the traditional model of what constituted a cyber security resource. Whether a resource is technically focused or more human-focused and collaborative, it's important to realise that not all skills fit the same profile. It is equally important to recognise and accept that talent can be found in industries whose skills are readily transferable and cross-trainable.
Getting ahead of the threat landscape
Moving into 2023 and beyond, threats and subsequent attacks will only increase, with continuing political conflicts and the UK's involvement, as well as ongoing remote working across many businesses, all contributing.
One increasingly common approach to alleviating these risks is the adoption of Managed Detection and Response (MDR). With data breaches becoming more difficult to prevent, it is essential to respond rapidly to security incidents to reduce the potential impact on business continuity or data security. The most effective way to decrease incident response time is with an MDR service, which provides 24/7/365 support from a remote SOC that helps companies detect and respond to threats as soon as possible.
MDR provides enterprises with all the support they need to detect and respond to the next generation of cyber threats. Rather than paying to maintain an on-site SOC, an organisation pays a single monthly service fee and has a team of security analysts on call. This means that security incidents can be detected, investigated, and contained, reducing the chances of damaging data leaks and business-impacting downtime.