With the rise of cyber crime attacks on businesses - each more sophisticated than the last, Ian Vickers of METCloud speaks about how Security Operations Centre as a Service (SOCaaS) should empower, rather than hinder, modern SMEs.

2020 has been the year that tested the tensile strength of cybersecurity in businesses worldwide. With the migration of teams working from home en masse, coupled with businesses changing their long term office plans in a new world beyond Covid, it is imperative that SMEs recognise the need for the evolution of their cybersecurity measures.

According to the University of Maryland, hackers attack on average 2,244 times a day. This translates approximately to one attack every 39 seconds. In its Cost of a Data Breach Report 2020, IBM cited that it takes a business in the UK an average of 256 days to identify and contain a cybersecurity breach - that is approximately eight and a half months! As a result, the cost of breaches in the UK has averaged at £3.9 million with the service industry being most affected.

Traditional cybersecurity measures do not cut it anymore. In a world where cybercriminals do not sleep, neither should the vanguards keeping them at bay.

ENTER SECURITY OPERATION CENTRE AS A SERVICE (SOCaaS)

Delivered through a provider via a subscription, SOCaaS provides real time monitoring, detection and analysis of cybersecurity threats. This is accomplished by proactive detection of advanced targeted attacks that would have otherwise been undetected by existing perimeter controls.

SOCaaS marries the strengths of 24/7 surveillance through ML- and AI-based security tools with the analytical expertise of a team of highly-skilled cybersecurity specialists. This delivers an efficient and streamlined way to identify security gaps and eliminate threats through early detection.

HOW TO MAKE SOCaaS WORK FOR YOUR BUSINESS

While organisations must build robust cybersecurity measures into their normal operations in order to match the ferocity of modern cybersecurity threats, it is also important to make an educated choice on what is appropriate for their needs.

At the foundation of things, a good SOCaaS provider should be able to scale their services based on what is appropriate for the business. Increased surveillance of activity across a business’ IT estate at this point of time, should really include cloud infrastructures and work from home deployments given the evolution of a new-normal workplace.

The importance of collaboration between the SOCaaS provider and the business is integral in the efficacy of cybersecurity. To ensure this, the SOCaaS should be a service that delivers peace-of-mind and security to the client. It should not fatigue them with relentless reporting, and action requests that they may not have the time or resource to address.

THE LITMUS TEST TO GOOD SOCaaS

The persistence and ingenuity of cybercriminals today means that on top of cybersecurity, a SOCaaS provider has to help business maintain good cyber resilience. That is, to ensure that they are prepared to respond to and recover from cyber attacks.

When seeking out a provider, it is important to ask these questions:

1) Is your SOCaaS provider a cloud-native and multi-tenant platform?

Rather than provide you a selection of products, cloud-native multi-tenant platforms provide end-to-end cohesion and scalability.




2) To a non-IT expert, how easy is it to understand the data presented to you? Is it easily quantifiable in metrics?

It is important for your SOCaaS provider to help you understand the data and what it means for your business. It should be able to provide you the appropriate economic information and outcomes without bombarding you with technical jargon.




3) Is your business provided simple and relevant advice to ensuring that your team is compliant to the security guidelines?

Every business and the temperament of their employees are different. It is important that the SOCaaS provider is understanding of that and capable of delivering custom playbooks that fits your business priorities.




4) When threats do emerge from the ether, does your SOCaaS provider eliminate them in a timely manner, without your intervention?

The quicker a threat is addressed, the less damage it can cause. How equipped is your SOCaaS provider in delivering this?




5) How easy is it to deploy applications on the platform?

Cyber threats are ever-changing. It is important for the measures to keep up with them. It is important for the SOCaaS provider to be flexible and allow for swift deployment of security applications. Upon the deployment, it is important that it is seamlessly updated and integrated into playbooks and reporting.

EVOLVING WITH THE TIMES

As the threat landscape to businesses has multiplied exponentially, there has never been a more important time to implement SOCaaS capability. To ensure the efficacy of SOCaaS, It is crucial to empower business owners to understand and take charge of their cyber resilience.