Solving SecOps Challenges: 3 Strategies for Mid-Sized Businesses to Prioritize
By Ashley Hernandez
Most organizations, those with interconnected websites, mobile commerce platforms, or thousands of global employees, have some form of security operations (SecOps) program. Today, these companies are becoming increasingly aware of the importance of having a mature SecOps program, but may not fully understand how to evolve and keep up with the technology or the changing attack surface.
43% of cyber attacks target small businesses, up from 18% a few years ago. 
Maturing security operations can be difficult, particularly if resources are limited, staff are hard-to-hire, and critical technology may not be properly deployed or may be lacking. These issues affect all companies, but they especially affect mid-sized businesses with small security teams. Introducing a SIEM solution, implementing remote workforce controls and employee training, and outsourcing to an external MDR provider are three strategies for maturing SecOps.
Interested in learning more about maturing your SecOps program? Download our eBook Managing Security Risk: Cybersecurity Solutions for Mid-Sized Businesses to learn about solutions to 3 challenges that are increasing risks: the expanding attack surface, advanced ransomware and phishing attacks, and a rise in attacks on security vulnerabilities.
24/7/365 Security Alert and SIEM
A Security Information and Event Management (SIEM) solution ingests log sources from preventative technologies like antivirus, intrusion detection systems, vulnerability scanners, and critical netflow from connected systems throughout the company environment. These tools require 24/7/365 monitoring by security experts who know how to interpret and prioritize alerts.
A poorly managed SIEM generates an excessive number of false positive alerts, contributing to the alert fatigue and burnout experienced by an increasing number of security professionals. Since expertise is needed to properly deploy, manage, and tune a SIEM, the choice of management strategy, in-house or outsourced, needs to be carefully considered. Not all SIEMs are the same, and not all organizations can afford a best-in-class SIEM, so the choice of platform matters as much as the choice of who runs it.
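The tuning problem described above is easiest to see with a concrete rule. The following is an added example, not code from the original post or from Deepwatch: it runs an untuned "alert on every failed login" rule and a tuned version (per-source threshold inside a time window, plus an allowlist for an authorised scanner) over a handful of constructed, simplified sshd-style log lines. The log lines, the host addresses and the allowlisted scanner address are all made up for the illustration; a real SIEM would apply the same idea through its own correlation and suppression features.

```python
"""Untuned vs. tuned failed-login detection over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified sshd-style format; not real data.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01Z sshd failed password for alice from 10.0.0.5",
    "2024-03-01T09:00:09Z sshd failed password for alice from 10.0.0.5",
    "2024-03-01T09:00:12Z sshd accepted password for alice from 10.0.0.5",
] + [
    # six failures against root in one minute from one external source
    f"2024-03-01T09:05:{s:02d}Z sshd failed password for root from 203.0.113.7"
    for s in range(0, 60, 10)
] + [
    # five failures from an (assumed) authorised vulnerability scanner
    f"2024-03-01T09:10:{s:02d}Z sshd failed password for svc_scan from 10.0.0.20"
    for s in range(0, 50, 10)
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd (?P<outcome>failed|accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(lines):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(
            {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}
        )
    return events


def naive_alerts(events):
    """Untuned rule: every failed login becomes its own alert."""
    return [e for e in events if e["outcome"] == "failed"]


def tuned_alerts(events, threshold=5, window=timedelta(minutes=10),
                 allowlist=frozenset({"10.0.0.20"})):
    """Tuned rule: one alert per source that reaches `threshold` failures
    inside a sliding `window`, skipping allowlisted sources (hypothetical
    scanner address 10.0.0.20) and never re-alerting on the same source."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside window
    alerts, alerted = [], set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["outcome"] != "failed" or e["src"] in allowlist or e["src"] in alerted:
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"src": e["src"], "count": len(q),
                           "first": q[0], "last": e["ts"]})
            alerted.add(e["src"])
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    print(f"untuned: {len(naive_alerts(evs))} alerts")   # one per failure
    print(f"tuned:   {len(tuned_alerts(evs))} alerts")   # one, for 203.0.113.7
```

The untuned rule raises thirteen alerts for fourteen events, two of them for a user who simply mistyped a password and five for the scanner; the tuned rule raises one, for the source that actually crossed the threshold. The threshold, window and allowlist are the knobs that need an owner, which is the point of the paragraph above: without someone tuning them, the analyst sees the thirteen.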
Security Controls for the Remote Workforce
With remote or hybrid work being the new normal, the use of personal (BYO) devices and the rate of employee churn have increased. Staff turnover and BYO devices introduce the risks of improperly secured endpoints, putting the business in danger. The repercussions of data breaches related to remote work are also more severe, “the average cost [being] $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.” (IBM)
Migrating to the cloud to support remote work without modernizing the rest of the SecOps program increases risk. The same IBM report cites a “$5.54m average cost of a breach at organizations with 81-100% of employees working remotely.” According to an article by Cybint, “95% of cybersecurity breaches are caused by human error.”
New employees introduce risk: they are more likely to unwittingly click on phishing emails because they aren’t yet used to company branding and CEO communications. Studies show that most phishing emails are clicked on because of the “perceived legitimacy of the email (43%) and the fact that it appeared to have come from either a senior executive (41%) or a well-known brand (40%).” Add remote employees and BYO devices and the risk skyrockets.
Security awareness training, phishing email tests, and other security controls are the best ways to prevent a cybersecurity incident. Even with security awareness training, employees still make mistakes. The security team has the arduous task of catching those mistakes before threat actors gain a foothold in the network.
Outsource for Expert Support
A recent Gartner study about managed security services found that close to 90% of organizations looking to outsource at least some aspect of security will focus on detection and response services.
Outsourcing is a good way to address immediate staffing pressures and associated security risks. Instead of spending limited resources on trying to hire in-demand experts at astronomic salaries, outsourcing some aspects of security operations to a security vendor enables in-house resources to be used for outcomes-focused activities.
Be Prepared with a SecOps Strategy
To manage security operations challenges, companies are shifting to managed detection and response faster than ever. Implementing three strategies – 1. SIEM management, 2. security controls and employee training, and 3. outsourcing for expert support – will improve security maturity, alleviate alert fatigue and increase confidence in your organization’s security posture.
[eBook] Managing Security Risk:
Cybersecurity Solutions for Mid-Sized Businesses
How Deepwatch MDR Essentials Can Help
- Get Time Back for the In-House Team: Relieve understaffed in-house security teams from complex security burdens that inevitably cause staff burnout.
- Proactive Security: Reduce risk with increased visibility across the network, including email security to stop phishing and mitigate the risk of ransomware.
- 24/7/365 Monitoring: Expert analysts quickly detect and respond to threats, reducing the likelihood of a catastrophic breach.
Deepwatch MDR Essentials with added Email Security further strengthens your security posture with preventative email security integrated into fully managed detection and response. With added email security, Deepwatch MDR Essentials helps secure organizations 24/7/365 by mitigating cyber-security events, including ransomware, through a combination of prevention, detection, and response – at the price you want.
To learn more about how MDR Essentials can fortify your security posture with the security operations program you need at the price you want, contact us today for a meeting with one of our Security experts.
Bussa, Toby, et al., “Market Guide for Managed Detection and Response Services,” Gartner, August 26, 2020, ID G00722909: https://www.gartner.com/en/documents/3989507/market-guide-for-managed-