How to Tackle the Four Most Common SecOps Challenges

Discover how organizations can tackle security operations challenges.

May 11, 2023

SecOps Challenges

Michael Lyborg, CISO at Swimlane, stresses that it is equally important to familiarize oneself with the biggest SecOps failures, how they can lead to detrimental consequences such as the GoDaddy breach, and how to prevent them. 

News of GoDaddy’s multi-year data breach is sure to spark concern among organizations across industries questioning how a company could consistently leak data for several years without knowing. While the answer to this question isn’t known, the situation is the latest reminder of the importance of reevaluating cybersecurity strategies and security controls to avoid becoming the next victim.

As important as it is to enforce prioritizing efforts such as threat detection, Zero Trust, and security automation, it is equally vital to familiarize oneself with the biggest SecOps failures and how to prevent them.

Analyzing Unsustainable Operations 

Organizations struggle to develop a sound cybersecurity strategy, and the difficulties described below collectively push them into an unsustainable state of security operations. The increased attack volume is causing security operations center (SOC) analysts to experience severe alert fatigue. SOC teams have more tools in their tech stack than ever before, and even though these tools don’t talk to each other easily, SOC teams are expected to be more productive than ever. This comes as CISOs and other security executives face increased pressure to articulate the importance of security to the broader business.

Why do these difficulties have such a significant influence on security operations? Everything is expanding in the SOC. Since 2018, there has been an 11% increase in data breaches, and 67% since 2014. At $4.24 million, the price of a breach is higher than ever. Attacks using ransomware surged by 435% between 2019 and 2020 alone. Manual security procedures are unable to keep up.


Key SecOps Challenges Security Teams Struggle to Overcome

GoDaddy’s years-long data breach appears to result from an initial credential compromise allowing attackers to access keys. From there, intruders maintained persistence over the years, most likely due to the inability to conduct a full root cause analysis of all compromised systems that would have ensured the attackers no longer had access. What started with unauthorized access to their legacy code base for Managed WordPress in early 2020 snowballed to a breach of over 1 million accounts’ associated email addresses, sFTP, database and SSL private keys in 2021, and now to the latest, as reported by users in late 2022—the proliferation of malware via their customers’ public-facing services. While analyzing the root cause of this detrimental breach, it is important to consider other SecOps challenges that can lead to a similar incident:

1. Attacks and data breaches are happening at unprecedented levels 

In recent years, the quantity of cyberattacks has increased. Enterprise organizations often face tens of thousands of alarms daily due to increased attack volume and the multiple monitoring technologies used to detect and identify attack and vulnerability data. Cyberattacks come in various forms, from phishing and ransomware to more complex, targeted attacks intended to steal confidential data or degrade vital infrastructure. Spending on cybersecurity measures has surged because of the frequency and severity of these attacks, but the threats keep evolving and outpace the defenses meant to stop them.

2. Workforce shortages in cybersecurity and alert fatigue

Alert fatigue is the exhaustion experienced by security analysts trying to keep up with the necessary response activities, including the threat information made available by both commercial and open-source providers. According to many in the sector, it is a direct result of the growing volume of alarms. The overwhelming amount of data handled by security operations teams is not surprising, especially when they rely on outdated tools to do their work.

The answer isn’t to hire more cybersecurity staff. Why? They don’t exist. By 2025, it is predicted that there will be 3.5 million cybersecurity job openings worldwide, similar to what it was in 2021. The biggest and hardest obstacle for businesses is a lack of qualified personnel. Finding, developing, and keeping cybersecurity staff can be challenging, particularly when the churn rate is unusually high.


3. Disparate technology & siloed teams

Enterprises will find it challenging to adopt and manage modern use cases leveraging old technologies. According to Cisco’s research, only 59 percent of firms (down 5 percent from last year) claim to have “very up-to-date” security tools. Even modern security tools often don’t integrate in a single, easily-consumable way, so analysts must jump between dozens of tools to investigate a single alert. Coordinating responses to occurrences that cross organizational borders can be challenging when various security teams or departments work independently.

4. Lack of business value and performance visibility

Understanding the value of the SOC in terms of broader business goals requires an awareness of security performance measures and KPIs. How soon are potential threats identified? What are the typical mean time to detect (MTTD) and mean time to respond (MTTR)? What is the false-positive rate? How fast are decisions made?

To accurately measure the business value of SecOps, security directors require clear visibility into incident response metrics. Lack of visibility can make it more challenging for security teams to respond to security breaches, stop such incidents from happening in the future, and inform other parts of the business of the positive impact of the risk mitigation program.
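The metrics the article names (MTTD, MTTR, false-positive rate) are only useful if they are computed consistently from incident records. The following is an added example, not code from the article or from Swimlane; the record fields and the sample incidents are constructed assumptions, and open incidents are deliberately excluded from MTTR so they cannot make response time look better than it is.

```python
"""Compute SOC KPIs (MTTD, MTTR, false-positive rate) from incident records.

Added example. Field names are an assumed schema, not a real tool's format:
  first_event   earliest malicious activity found in the evidence
  detected      when an alert was raised
  resolved      containment complete, or None if the incident is still open
  true_positive analyst verdict after triage
"""
from datetime import datetime
from statistics import mean

# Constructed sample records (ISO-8601 timestamps, UTC).
INCIDENTS = [
    {"id": "INC-1", "first_event": "2023-03-01T08:00:00", "detected": "2023-03-01T08:30:00",
     "resolved": "2023-03-01T12:30:00", "true_positive": True},
    {"id": "INC-2", "first_event": "2023-03-02T01:00:00", "detected": "2023-03-02T09:00:00",
     "resolved": "2023-03-02T11:00:00", "true_positive": True},
    {"id": "INC-3", "first_event": "2023-03-03T10:00:00", "detected": "2023-03-03T10:05:00",
     "resolved": "2023-03-03T10:20:00", "true_positive": False},   # benign after triage
    {"id": "INC-4", "first_event": "2023-03-04T00:00:00", "detected": "2023-03-04T02:00:00",
     "resolved": None, "true_positive": True},                     # still open
]


def _hours(later: str, earlier: str) -> float:
    return (datetime.fromisoformat(later) - datetime.fromisoformat(earlier)).total_seconds() / 3600


def soc_kpis(incidents):
    """Return MTTD/MTTR in hours over true positives only, FP rate, and open count.

    MTTD is measured from first malicious activity to alert; MTTR from alert to
    containment. Open incidents count toward MTTD but are excluded from MTTR.
    """
    tps = [i for i in incidents if i["true_positive"]]
    detect_hours = [_hours(i["detected"], i["first_event"]) for i in tps]
    closed = [i for i in tps if i["resolved"] is not None]
    resolve_hours = [_hours(i["resolved"], i["detected"]) for i in closed]
    return {
        "mttd_hours": round(mean(detect_hours), 2) if detect_hours else None,
        "max_detect_hours": round(max(detect_hours), 2) if detect_hours else None,  # worst dwell time
        "mttr_hours": round(mean(resolve_hours), 2) if resolve_hours else None,
        "false_positive_rate": round((len(incidents) - len(tps)) / len(incidents), 3) if incidents else None,
        "open_true_positives": len(tps) - len(closed),
    }


if __name__ == "__main__":
    for name, value in soc_kpis(INCIDENTS).items():
        print(f"{name}: {value}")
```

Tracking the worst-case dwell time alongside the mean is what surfaces a long-undetected intrusion that an average would otherwise hide.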

Investment in the appropriate technology and tools, dedication to standardization, and efficient coordination between various organizational sections are necessary to address these difficulties.

Addressing and Overcoming SecOps Challenges

All-encompassing security solutions prioritizing visibility into every aspect of an organization’s IT ecosystem are essential for companies struggling with their SecOps processes. These centralized platforms improve visibility and efficiency, speed up security performance and stop threats faster.

Let the GoDaddy Breach Be a Lesson

Automated supply-chain security and a Zero Trust architecture, with active monitoring of user and entity behavior analytics, could most likely have helped identify the early signs of GoDaddy’s compromise. Speed and business continuity plans would also have helped: systems that notify the security team and end users, coordinated rotation of all secrets and credentials, and the ability to restore the last known good state. Finally, a low-code security automation platform would have supported streamlined detection and proper incident response.

Implementing a more sustainable security strategy is a robust method to increase an organization’s capacity to deal with present and emerging threats without compromising worker productivity. Even though there are many obstacles to overcome, using the proper tools will improve an organization’s security risk posture, and threats will be stopped more quickly.

Which strategies have you implemented to tackle SecOps challenges? Let us know on Facebook, Twitter, and LinkedIn. We’d love to hear from you!


Michael Lyborg
Michael Lyborg is the CISO at Swimlane. Prior to taking his current role, Michael was Global Vice President of Advisory Services, a highly sought-after expert engaged by the world’s largest Fortune 500 companies and global government agencies to advise on the creation and operation of industry-leading security operations programs in North America, Europe, Australia, the Middle East, and Asia. Before joining Swimlane, Michael was head of security for the Fortune 100 fastest-growing pharmaceutical company Heska (HSKA), where he held multiple responsibilities for global security operations, engineering, and compliance. His roles at Swimlane and Heska built on a decorated US Marine Special Operations career supporting both cyber and physical response and the mitigation of emerging threats.