Strengthening cyber defences in the age of digital complexity

Johannesburg, 12 Apr 2023
Chester Wisniewski, Field CTO Applied Research, Sophos.

The digital landscape is constantly evolving, and with it, the complexity of managing cyber security. In a world where threats are becoming increasingly sophisticated, organisations must adapt to stay ahead. One of the most effective ways to strengthen cyber defences is by embracing security consolidation.

For Chester Wisniewski, Field CTO Applied Research at Sophos, investing in cyber risk mitigation technology is a top priority because prevention is always cheaper than cure. “Modern attacks can be very costly to the victims,” he says. “The average ransomware attack cost South African companies $710 000 before any ransom payments were even considered.” 

Today, Security Operation Centres (SOCs) must be 24/7/365 operations. In addition to this, “attacks originate from around the world and often can cause enormous damage in only a few minutes,” adds Wisniewski.

The result is that it has become increasingly difficult for most organisations to manage detection and response (MDR) successfully on their own. “As operations have modernised, everything has come to involve a digital component, but these systems are not typically designed to work in tandem with one another,” explains Wisniewski. “This means supporting a plethora of complex applications, none of which are aware of the others, in a modern business environment.”

Even though Gartner estimates that by 2025, 50% of organisations will be using MDR services – and research by the SANS Institute indicates that 72% of organisations plan to adopt or expand their use of MDR services within the next two years – businesses are struggling to identify threats quickly and accurately.

“It takes experience. Not only do you need to recruit difficult-to-find security analysts, but if they are only protecting your environment then every attack with a human attacker is novel,” he says. “This leads to high costs and slow response times. Many organisations are looking to security as a service (SaaS) offerings as analysts defending multiple organisations have more exposure to advanced threats and can identify and shut down attacks faster.”

Software as a Service (SaaS) has gained significant traction in recent years and will continue to grow as a strategic component of many organisations' defence strategies. One of the reasons for this is that different organisations have different internal capabilities and needs. SaaS brings the advantage of outside expertise when needed to drive efficiency and innovation in organisations' defence strategies. 

“The shortage of skilled security professionals combined with the rapid pace of threat advancement confers a big advantage to using outside security experts for help,” he says. “Internal IT security teams need to focus on the specific security needs of their internal processes, while SaaS vendors can be keeping things operating efficiently and hunting for the latest threats originating from the outside.”

Wisniewski believes the best outcomes are achieved when the common threats are handled by SaaS and the internal security processes and knowledge specific to the client are handled internally. “This keeps the internal teams focused on strategic work that supports their organisation's mission, while the external team handles the commodity threats,” he adds.

A study by the Ponemon Institute found that organisations leveraging MDR services can reduce the time it takes to detect and respond to threats by 52%. Now, more than ever, support for third-party products and platforms in MDR is crucial. The growing complexity of cyber threats demands a flexible, comprehensive and integrated approach to security, enabling organisations to stay ahead of emerging risks and fortify their defences.

Wisniewski also stresses that a SOC should not be tied to a single source of data. “Being flexible with the sources of data your SOC operates on allows for customisation where necessary,” he says. “Regardless of the source of information, being able to view, interpret and respond in one place. It can also be critically important where a lot of work on automation and training has been invested in a platform, especially one that is operating at peak performance. It is better to integrate it with other high-performing tools than to try to replicate or replace an optimised solution.”

In a world of ever-evolving cyber threats, a unified, effective defence strategy is paramount.

“In the end, it is all about having the right information at your fingertips and being able to act upon that information expeditiously,” concludes Wisniewski. “It can certainly be done across multiple vendors, threat intelligence sources and cloud providers. The key is visibility and turning that knowledge into action.” 
