Remote work is here to stay. Cyber criminals will continue to deploy innovative tactics to exploit weaknesses such as less secure personal devices and employer-owned devices connected through home WiFi. They will thrive in a highly porous security environment. There are two major blind spots in today’s threat landscape: misinformation and ransomware.
As new technologies and innovations begin to achieve widespread adoption, this cycle will continue. New blind spots and technology requirements to ‘fill the gaps’ will emerge. For instance, as cryptocurrency hits mainstream use, more crimes involving crypto transactions will be exposed. A need and technology for organisations to track such transactions will arise.
Early indications show phishing evolving to take advantage of audio and video deepfake technology, and one expects this trend to mature next year. As a result, organisations will seek technology to assist in verifying external identities in near-real time at the transactional level (email, phone, instant messaging etc.). Think two-factor authentication (2FA), but between two parties looking to communicate as opposed to an individual authenticating access to a system.
With new emerging technologies appearing constantly, older technologies are waning in efficacy as attackers change their tactics, and organisations with limited budgets are unable to continuously refresh their cybersecurity tech stack to meet the need. This continued, rapidly changing face of the cyber threat landscape, coupled with a confusing, fast-moving cyber defence vendor landscape, is forcing even the largest companies to rethink their ability and appetite to maintain cyber operations in-house.
While organisations are expected to retain control of traditional, tried and true frontline defences such as enterprise anti-virus and firewalls, most if not all technology and processes associated with maintaining a mature security operations centre (SOC) will start to move outside the organisation.
Organisations will see the benefits of a partner more able to maintain a modern security solution stack and to assist in evaluating and adjusting defence posture on an ongoing basis, allowing them to focus time and effort on their core business. Security development is becoming intrinsic and will have to be accounted for in core product profitability models. The next generation of tech firms will bake these requirements into their operating and cost models.
The burden of maintaining an SOC at the organisation level is enormous. Consider for a moment the delays between identifying a security gap, sourcing technology solutions, negotiating a purchase, and implementing a new security technology. The whole process could take upwards of 1-2 years from gap analysis to the implementation of just one new technology. These delays can not only create enormous risks for an organisation, but also take time and resources away from the task at hand: defending against cyber criminals.
A managed SOC presents an opportunity to offload not only the entire process of buying and implementing security tools, but also to leverage focused expertise to hunt for threats, respond to alerts, and perform incident response. Expertise that, by virtue of the outsourced SOC model, can learn and adapt by virtual exposure to multiple enterprises and their respective threat profiles.
In 2022, we will see demand for outsourced SOC expand beyond small and medium businesses. Expect some of the largest global enterprises to begin to outsource components of their security operations stack, likely beginning with threat detection and response-related activities. The reason organisations will likely start with detection and response is that detection and response technologies (endpoint and network detection and response) have been rapidly evolving over the past 3-5 years.
The writer is vice president, strategic development, OpenText