What does it take to run round-the-clock security?

by Black Hat Middle East and Africa

New research by Trend Micro has revealed that many UK organisations lack the resources and leadership to maintain effective cybersecurity monitoring around the clock. The study surveyed 100 UK cybersecurity leaders (as part of a wider global study), and identified three major gaps in cyber resilience: 

  • Only 31% of organisations have sufficient staffing for 24/7/365 cybersecurity.
  • Only 32% use effective attack surface management techniques to measure risk.
  • Only 34% leverage proven regulatory frameworks and/or other cybersecurity standards (like the NIST Cybersecurity Framework). 

These are the basics. Without these foundations in place, organisations can’t build or maintain cyber resilience. And in most cases, the failure of organisations to cover these key areas can be traced back to a lack of cybersecurity leadership in senior management, and little accountability for cybersecurity best practices. 

Globally, almost half (48%) of the respondents to Trend Micro’s research said their organisation’s leadership doesn’t consider cybersecurity to be their responsibility, while only 17% strongly disagreed with that statement. 

So who is responsible for cybersecurity? 

If not senior leadership, then it’s important to ask who is perceived to be responsible for cybersecurity – and consider whether those perceptions need to change in order to enable round-the-clock security. 

Trend Micro asked who does (or should) hold responsibility for mitigating business risk, and the responses suggested that perceptions vary. In the UK, 25% said IT teams are responsible for cybersecurity – but that doesn’t take into account the reality that senior management decision-making can significantly impact the resources that IT teams can access, or the reality that IT professionals are not necessarily cybersecurity professionals. 

According to Intelligent CISO, Bharat Mistry (Technical Director at Trend Micro) said: 

“A lack of clear leadership on cybersecurity can have a paralysing effect on an organisation – leading to reactive, piecemeal and erratic decision making. Companies need CISOs to clearly communicate in terms of business risk to engage their boards. Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk and automatically remediate issues for enhanced cyber-resilience.”

Effective and constant cybersecurity requires significant resources 

Real focus from leadership teams is essential to ensure round-the-clock security, because it requires significant resources, and only senior leadership can ensure that those resources are available. 

To maintain security 24/7, companies need a dedicated security operations centre (SOC) – with a team of security analysts, engineers, and incident responders working shifts to provide continuous coverage. 

The staffing requirement is a key barrier to round-the-clock security for many organisations. It takes a minimum of 10 employees to cover three eight-hour shifts each day, seven days per week. And for bigger businesses, this can increase to 30+ team members.

Apart from people, an SOC requires a technology infrastructure that provides centralised visibility across the organisation’s entire network and IT environment, with continuous monitoring and advanced tooling. 

The people and the tech together need to work with clearly defined processes and procedures, from incident response protocols to ongoing threat hunting and patch management processes, as well as regular security training for everyone in the company. 

All of this comes at a high cost – both financially, and in terms of staff burnout and alert fatigue.

What can smaller businesses do? 

Implementing round-the-clock cybersecurity is essential in the modern threat landscape. Attacks can happen at any time, and rapid detection and response is critical to minimise damage.

A growing number of businesses are leveraging third-party SOCs to avoid the challenges of managing their own in-house centre. It’s a viable option for organisations that lack the resources to run their own operation, and offers greater cyber resilience to SMEs that might otherwise push cybersecurity to the bottom of their priorities list. 

If your organisation doesn’t have round-the-clock security, it’s time to act. Register now to attend Black Hat MEA and connect face-to-face with leading international cybersecurity vendors and experts – and gain the knowledge and contacts you need to protect your business.
