By Tim Wallen, Regional Director for the UK, US and Emerging, Logpoint
When it comes to cybersecurity, medium-sized enterprises are now under unprecedented strain to do more with less. Regulators expect them to be more accountable. The SEC indictment of the SolarWinds CISO has set a precedent, and NIS2, set to come into effect in Q3 2024, lays the groundwork for personal liability in the event of a breach. This may well cause senior management in the mid-tier sleepless nights, particularly as they have little to work with to bolster defences.
The economic downturn has seen budgets cut or frozen, while hiring has never been more difficult thanks to a shortage of security personnel. In the UK, the workforce gap grew almost 30% last year according to ISC2, meaning the majority of organisations can expect to have critical skills gaps that could jeopardise their defences for the foreseeable future. Added to this, attackers are upping their game, with the NCSC recently warning that the intensity of attacks will increase thanks to AI, and that ransomware is set to become much more of an issue thanks to more convincing phishing emails.
The perfect storm
Each of these developments would be challenging enough to deal with on its own, but together they create the perfect storm that will see the defence capabilities of the mid-sized enterprise severely tested. To stay afloat, these businesses are going to have to take a long hard look at how they can continue to improve and manage their security posture. And it’s a real dilemma.
Investing in more technology risks bloating the cybersecurity stack, resulting in overlapping solutions and swivel-chair operations as the security team switches from one interface to another. Taking on more staff is going to be challenging and potentially expensive given the skills shortages. And increasing the workloads of existing staff is unlikely to pay off, as it risks corners being cut and harms team morale.
To navigate its way forward, the business is going to have to think strategically about how it can rationalise operations and reduce the resources needed to staff them, while increasing its defence capabilities to meet compliance demands and cope with assaults.
It’s for these reasons that we’re likely to see the mid-market actively embrace Managed Detection and Response (MDR) in 2024, an outsourced offering which can keep pace with the rapidly evolving threat landscape. MDR allows those with limited resources to access human expertise and cutting-edge technology, and reduces the risk of security teams becoming overburdened.
What is MDR?
MDR is a security-as-a-service offering in which experts monitor the organisation’s network, endpoints and cloud and respond to threats 24×7. Unlike Incident Response (IR), which is purely reactive, MDR also provides threat detection and incident response (TDIR) and seeks to reduce risk and improve security. The team may well make recommendations with respect to security policy, for example, and help to fine-tune defences, making the service much more proactive.
MDR utilises technology such as a next-generation Security Information and Event Management (SIEM) platform to collect and analyse logs and event data, which are then used for threat hunting. Endpoint detection is used to look for threats on end-user devices, while User and Entity Behaviour Analytics (UEBA) helps to qualify threats by providing context and to identify unknown threats. But as these are all provided by a third party, there is no capital outlay or management overhead on the part of the business.
While MDR is provided remotely, it differs from an outsourced service provided by a Managed Security Service Provider (MSSP). An MSSP typically provides automated security monitoring and remediation advice, with the customer accessing services via a portal. In contrast, MDR provides an on-tap resource in the form of a human team who will monitor activity and threat hunt, as well as focus on alerts, remediation and recovery in the event of an attack. That said, there is an exception to the rule in that some MSSPs do offer MDR as a bolt-on service.
A change in mindset
MDR undoubtedly confers real advantages and could well be the answer the mid-market has been looking for, but there’s no doubt it will require a huge change in mindset. It will see a fundamental shift in the way mid-market businesses approach cybersecurity, as these organisations have always tended to conduct their security in-house. But if they can take the leap and entrust their detection and response to specialised experts, they stand to benefit in numerous ways. Not only will these businesses be in a better position to safeguard their critical assets, but they’ll also be able to maintain customer trust by demonstrating their commitment to cybersecurity during these challenging times.
Given the severity of the cyber threat, the need to meet compliance requirements and the onus on the business to prove its due diligence, we can expect MDR to become more well-established over the coming year. Choosing to rely on dedicated cybersecurity partners to do the heavy lifting and navigate the intricate and ever-evolving landscape of cyber threats and regulations on their behalf makes sense, and it will allow mid-market businesses to focus on what they do best: their core business activities.