Intelligent CIO Africa Issue 56 | Page 47

FEATURE: SOC
Mike Walters, President, Action1 Corporation, said infosec professionals should pay considerable attention to the development of an efficient patch management policy. “It is essential that the SOC team gets information about the latest software updates in real-time and is able to install them immediately after they are released by a vendor. Ideally, this procedure should be automated. A delay in patching critical vulnerabilities can cost too much for SOC’s customers,” he said.
State of SOC adoption
Like the overall cybersecurity maturity, the state of the SOC market varies from region to region across MEA. For example, in many countries of sub-Saharan Africa, SOCs are still a privilege of government agencies and large corporations. And even these organisations sometimes report the lack of a mature cybersecurity strategy that covers all aspects of advanced threat defence.
IBM’s Hand added: “We’re seeing organisations across all major industries adopting SOCs. The energy, manufacturing and healthcare industries – highly regulated industries which experienced the highest number of cyberattacks as well as increases in the average total cost of a data breach – are driving adoption across the continent. Not far behind in adoption are the financial, retail, industrial, services and transportation industries which continue to face high attack volumes.”
Ian Jansen van Rensburg, Lead Technologist, VMware, said current approaches to cybersecurity make it impossibly complex to implement comprehensive best practices across an enterprise IT environment.
Van Rensburg said there is a huge assortment of security tools to manage: firewalls, anti-virus, intrusion prevention systems and threat detection systems, to name a few. “Each tool has an enormous number of rules to manage. In turn, each of these must be set up to enforce access control and information protection policies at enterprise scale for all users and systems across the business. In some cases, this could literally mean millions of rules. Simply put, this makes for a configuration nightmare,” he said.
According to our 2020 Cost of Data Breach study, there was an increase in companies that experienced breaches of more than 1 million records, which is considered a mega breach. “Globally, breaches of one million to 10 million records cost an average of US$50 million, more than 25 times the average cost of US$3.86 million for breaches of less than 100,000 records,” he said.
Pierre Jacobs, Head, Cybersecurity Operations and Compliance, CyberAntix, said the biggest pitfall is to try and develop an internal SOC. “Experienced expertise is so scarce and you can sink or swim by just the technology choices you make, before you even get to the policies and processes. Most organisations don’t have an asset identification and classification scheme in place which makes it difficult to develop use cases. When outsourcing, choose your partner carefully. Ask for CVs of the senior resources and check for real cyber experience, not just network security experience.”
Callie van Vuuren, GM, Cybersecurity, NEC XON, said regardless of your type of business or the industry in which you operate, attempting to become a SOC or develop a SOC in parallel with your core business is a cake poorly baked. “It will undoubtedly flop like those of so many others who have tried. Transport and logistics businesses don’t build their own trucks. Why would a financial services firm, a mine or a hospital build a SOC?” he asked.
Lehan van den Heever, Enterprise Cyber Security Advisor, Kaspersky in Africa
SOC challenges
As CIOs and CISOs across MEA are increasingly adopting SOCs, industry experts warn that they need to be extra careful when developing their own SOC or when outsourcing services from a SOC.
According to Hand, CIOs and CISOs must first understand that there is a high cost to a security failure.
However, added Van Vuuren, it’s an easy trap to fall into because many people mistakenly think that, because they buy a SIEM for US$1 million and it’s an IT system, that their IT team can run it for them. “The truth is that the IT team of people can only do what they have been trained to do. Unless they represent the full gamut of requisite cybersecurity skills and unless you have a redundancy of those skills to account for three shifts, with the capacity to replace absent or lost personnel,