Plug the cyber security talent gap with MDR

Managed detection and response provided as a service plays a vital role as it becomes more difficult to find multi-skilled security staff.
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 11 Jun 2024

According to the World Economic Forum, four million professionals are urgently needed to plug the talent gap in the global cyber security industry. This talent shortage could reach 85 million workers by 2030.

This is alarming, especially in light of a recent survey of Fortune 500 CEOs who identified cyber security threats as one of their top two concerns.

In South Africa, the situation is no different. In conversations with cyber security professionals, the focus is always on “people”.

For example, many organisations employ firewall and e-mail protection systems, as well as intrusion detection and prevention systems. They have cloud computing platform management software, together with WiFi controllers, managed switches, server and endpoint protection devices and more.

Generally, all these systems are individually managed by specialists. Finding multi-skilled personnel to take responsibility for them all on a 24 x 7 x 365 basis is extremely challenging. As a result of understaffing, many corporate networks are susceptible to cyber attacks that often pass unnoticed.

One of the solutions to this global problem is to expand the skills base of the current corps of cyber security professionals and enable these valuable staff members to make a greater impact.

It must be accepted that while skilled professionals are an appreciated and scarce resource, technology is gaining importance and is set to play a vital support role.

One technology-based solution, increasingly seen as a proactive approach by organisations that demand adequate response and remediation functionality for cyber security, is managed detection and response (MDR) provided as a service.

MDR as a service involves outsourcing the monitoring and management of an organisation's security infrastructure to a third-party provider. Typically, MDR service providers offer around-the-clock monitoring of an organisation's firewalls, intrusion detection and prevention systems, together with oversight on anti-virus and anti-malware software systems, to help identify any signs of suspicious activity or security breaches.

Today, there is an increasing demand for MDR services, as the shift to remote work has expanded the attack surface for cyber threats.

Against this backdrop, MDR service providers are well advanced in using cutting-edge threat detection technologies that rely on machine learning (ML), artificial intelligence (AI) and big data analytics to enhance their cyber security capabilities.

To find patterns suggestive of cyber risks, ML algorithms evaluate massive amounts of data from a variety of sources, including logs, network traffic and endpoint behaviours. Unusual behaviour, abnormal access records, or established indicators of compromise are a few examples of these patterns.

MDR systems driven by AI can identify advanced cyber threats, insider threats and zero-day exploits that conventional signature-based methods could overlook.

By combining ML and AI, MDR platforms are able to create a baseline of typical user, device and application behaviour. From there, these systems can spot deviations that can point to a security issue. Additionally, response activities based on preset policies and regulations can be automated by ML and AI.

When a threat is detected, MDR solutions enable fast action, such as isolating compromised endpoints, blocking malicious IP addresses and quarantining suspicious data.

Additionally, these systems are changing the paradigm from responding to threats reactively to actively seeking out threats by using ML, AI and Dark Web intelligence to anticipate attacks. This reflects a trend in which forward-thinking MDR service providers are looking to investigate ecosystem alliances and cross-industry collaborations to provide clients with more complete solutions and thus expand their market reach.

MDR services are often tailored to meet the individual needs and requirements of an organisation. Providers work closely with clients to understand their specific security challenges and develop customised solutions, such as automated, real-time threat response systems and patch management programmes that maintain software currency.

MDR services help companies achieve and maintain compliance with industry norms and standards by providing comprehensive reporting and documentation of security events and incidents. To guarantee that data can be restored in the event of a breach or data loss, they frequently feature automated backup and recovery options.

Given this, are there any prospects for human cyber security specialists in the future?

The response is unquestionably “yes”. A combination of technological and human components is now thought to be ideal for complete cyber protection.

For example, it has been shown in numerous cyber security incidents that a coordinated response utilising both technological and human resources is the most effective way to achieve quick threat identification, containment and impact reduction.

Furthermore, fraudsters are growing more skilled and cyber threats are always changing. Developing effective remedies and spotting new dangers require human expertise and agility.

While relying on technical solutions makes restoring systems and data easier, business specialists' skills are frequently needed for managing and coordinating post-threat recovery operations.

CEOs of today's corporations should understand that technological advancements such as MDR and the companies that offer this technology as a service are inevitable. However, they should also recognise the responsibility of their own cyber security professionals and look into ways to help them succeed.

CEOs should encourage employees to emphasise cyber security in their daily work so that they can develop a corporate security culture, which is crucial for organising and carrying out an organisation's cyber security measures, whether they are technological or human-focused.

There is strong evidence that businesses that utilise this strategy are more successful in enlisting specialised outside knowledge to assist their internal cyber security teams, leading to superior outcomes.