Intelligent CIO Africa Issue 51 | Page 36

FEATURE: SOC

breaches of more than 1 million records, which is considered a mega breach. "Globally, breaches of one million to 10 million records cost an average of US$50 million, more than 25 times the average cost of US$3.86 million for breaches of less than 100,000 records," he said.

Pierre Jacobs, Head, Cybersecurity Operations and Compliance, CyberAntix, said the biggest pitfall is to try and develop an internal SOC. "Experienced expertise is so scarce and you can sink or swim by just the technology choices you make, before you even get to the policies and processes. Most organisations don't have an asset identification and classification scheme in place, which makes it difficult to develop use cases. When outsourcing, choose your partner carefully. Ask for CVs of the senior resources and check for real cyber experience, not just network security experience."

Callie van Vuuren, GM, Cybersecurity, NEC XON, said regardless of your type of business or the industry in which you operate, attempting to become a SOC or develop a SOC in parallel with your core business is a cake poorly baked. "It will undoubtedly flop like those of so many others who have tried. Transport and logistics businesses don't build their own trucks. Why would a financial services firm, a mine or a hospital build a SOC?" he asked.

However, added Van Vuuren, it's an easy trap to fall into because many people mistakenly think that, because they buy a SIEM for US$1 million and it's an IT system, their IT team can run it for them. "The truth is that the IT team of people can only do what they have been trained to do. Unless they represent the full gamut of requisite cybersecurity skills and unless you have a redundancy of those skills to account for three shifts, with the capacity to replace absent or lost personnel, you have little chance of maintaining a properly functioning SIEM," he said. "Consider this scenario. A firewall is capable of generating in excess of 30 events per second. A medium to large business may easily operate 10 firewalls. No human can monitor that. They require computerised, automated, orchestrated help. Installing and running the system that provides it requires skill. It must also be maintained properly because poorly configured updates undermine its effectiveness."

Dimitris Raekos, Business Development Manager, MEA, VMRay, agreed with Van Vuuren and pointed out that setting up your own in-house SOC is a very demanding project and a big investment. Raekos said that besides deciding on the required technologies, which must of course seamlessly integrate with each other, CIOs and CISOs need to consider the ongoing operational cost of running and maintaining a new SOC. "Next, you must find sufficient staff with the correct skillset and experience; without the right talent, the new SOC will not provide the expected results. While staff shortage can be mitigated to a certain extent by well-designed processes and strong process automation, budget constraints and permanent struggles to obtain funds can become a major roadblock," he said. "A SOC has access to very sensitive business information and this must be considered when outsourcing SOC operations. When using an external SOC, you should audit them regularly, which includes visits to the facilities. Look beyond the impressive screens on the wall, ensure that your compliance and data privacy requirements are met and that you receive the level of security service needed to keep your organisation safe. Keep in mind that you cannot outsource responsibility."

Evolving threat landscape

Lehan van den Heever, Enterprise Cyber Security Advisor, Kaspersky in Africa, said that to fight modern global cyberthreats growing at an alarming rate, a SOC must be equipped with the technologies, security intelligence and knowledge that empower it to adapt to ongoing challenges in a changing threat environment.

Van den Heever said these encompass the likes of advanced defence technologies, access to global threat intelligence, cybersecurity training, forensics, security assessments and penetration testing, to name just a few. "With the expanding attack surface and the growing sophistication of threats, just reacting to an incident is no longer good enough. Increasingly complex environments provide attackers with a multitude of ways to execute their attacks," he said. "To protect themselves, businesses need to constantly adapt. This is where a SOC plays a critical role, especially when combined with proactive threat intelligence that delivers the capabilities needed to detect, prioritise, investigate and respond to threats