Fill Your Security Gaps: Deploy the Perfect Defense Against the Perfect Cybersecurity Storm
by Scott Schlueter, CISSP, GPEN, CDPSE, Rackspace Security Solutions
Today’s organizations are facing a perfect storm that is weakening their cybersecurity posture — and at a time when they need their security defenses to be stronger than ever. But the reality on the ground is threefold; there are not enough people qualified for the number of unfilled security jobs, cybercrimes are more destructive than ever, and the threats are expected to get worse.
According to CyberSeek, there are 1,053,468 people employed in security jobs in the U.S. However, there are approximately 600,000 security roles unfilled as of February 2022. Cybersecurity experts can demand high salaries because they are in such high demand, which often knocks small and mid-size organizations out of the race for skilled experts.
Despite the security jobs shortage, organizations must find a solution to meet their security demands because cybercriminals aren’t taking any time off. Additionally, the attacks are getting more frequent, sophisticated and destructive.
The Fortinet threat intelligence report from the second half of 2021 found that a rise in the automation and the speed of cyberattacks is creating an environment for cybercriminals to launch more advanced persistent tactics that are more unpredictable and destructive.
According to SonicWall, nearly all monitored cyberattacks, threats and malicious digital assaults rose in 2021, including ransomware, IoT malware, cryptojacking and encrypted threats. There was a sustained meteoric rise in ransomware incidents, with 623.3 million attacks globally. What’s more, there was a 65% increase in “never-before-seen” malware variants.
As bad as it is right now, it will only worsen in 2022, according to Global X. “We expect the cat-and-mouse game between organizations, consumers and the cybercriminals who covet their data to intensify this year. The latest concern is a vulnerability in internet software known as Log4j that could jeopardize hundreds of millions of systems globally.”
The cost of these security breaches is climbing as well, according to IBM’s Cost of a Data Breach Report 2021. The average data breach increased from $3.86 million in 2020 to $4.24 million in 2021, the highest total cost in the 17 years that IBM has published the report.
A Perfect Defensive Move
With data growing increasingly more valuable and harder to protect, digital security has become infinitely more complex. For example, attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. The perfect defense for a perfect storm is a triple move. When it comes to security management and threat assessment today, bigger is better. You can’t patch your way out of today’s more threatening cyber landscape. You need to build a dam. And it must include the right people, processes and technologies.
The current cybersecurity staffing issue is not new when it comes to people. We’ve been experiencing adverse employment for over one decade. It’s just that attracting the right talent is more difficult now than ever before. What’s more, this is a dynamic industry with new threats developing all the time. As a result, new cybersecurity skills are needed to match the nature of the threats. And this only exacerbates the staffing challenge.
Many companies have recently chosen to work with hyperscalers and cybersecurity partners, which already have experts onboard. As a result, they are positioned to hire the best and brightest and ensure they stay current in their security skillset. In addition, by partnering with these organizations, companies can level up their cybersecurity instantly.
Choose integrated security technologies
Along with having the right people onboard, organizations also need the right technologies to build a powerful cyber defense. Many companies have approached their security needs by deploying a wide range of standalone security products from various vendors. But the stronger approach is to choose one major security vendor and build a defense architecture primarily with its products which creates a tighter and more unified wall of defense because the technologies inherently communicate with each other.
With the myriad of attacks, don’t strive to choose the best of breed. Instead, choose the most integrated solutions that will best enable your team. What’s more, this approach is easier to manage and brings down costs.
Again, making the most of your security technologies requires the right people and partners. You need people who know how to select best-in-class tools and optimize them to deliver the maximum impact, a force multiplier.
Cybersecurity is a data intelligence game, and you need vendors with the most data intelligence to create a better defense, which requires carefully choosing strategic partners.
Build a More Robust Cloud Security System
Putting the right processes in place for an advanced security defense requires coming from a place of deep knowledge about your current defense posture. Microsoft® and Rackspace Technology® created a workshop to help organizations analyze their existing strengths and vulnerabilities. The workshop also shares insight into building and operating a more robust cloud security ecosystem. It covers the complete range of understanding needed to improve your cybersecurity posture, including:
- Analyze your requirements and priorities for a hybrid cloud security detection and response solution.
- Discover existing hybrid workload vulnerabilities and learn how to reduce the attack surface area.
- Uncover threats to the included hybrid workloads and demonstrate how to investigate and respond to threats.
The workshop also provides an overview of developing the next steps to work with a pod of experts from Rackspace Technology’s Elastic Engineering (EE) for Security. Having elastic access to security professionals means you’ll have access to the expertise you need to augment your security team and fill the experience gaps compromising your defense system.
Rackspace Technology is particularly suitable for this role because, in March 2022, we joined the Microsoft Intelligent Security Association (MISA). The MISA is a network of managed security service providers who have demonstrated global delivery capabilities and managed services integration into Microsoft’s cloud-native security services and hybrid cloud technologies. Rackspace’s Elastic Engineering for Security helps businesses worldwide better defend against a world of increasing threats.
Real-world cybersecurity results
Many organizations have already participated in the workshop and are gaining a more robust cybersecurity posture. For example, a fund management company needed a more vigorous security defense to meet compliance demands on its Azure® landing zone deployment. However, the company only had one IT security person in-house. As a result, the EE for Security pod of experts reviewed the terraform templates and provided advice and prioritization on how to architect and engineer a secure Azure landing zone deployment.
Andres Salaverria, IT Director, Black Horse Carriers (A Penske Logistics Company), also relied on an REE for Security pod. The security experts helped deliver the Microsoft Hybrid Cloud Security Workshop to his in-house security team, which grew based on mergers and acquisitions. He said they’re “delivery of this workshop was critical to validate the security of our cloud environments, evaluate and get ahead of potential vulnerabilities, help us standardize our security configurations across all our Azure tenants, and to modernize our security strategy with Microsoft native security services.”
Contact us today to arrange a Microsoft Hybrid Cloud Security Workshop powered by Rackspace Elastic Engineering for Security.
Highlights From Dr. Werner Vogels’ AWS re:Invent 2022 Keynote
December 2nd, 2022
Highlights from AWS re:Invent 2022: Global Partner Keynote with Ruba Borno
December 1st, 2022
Highlights from Adam Selipsky's AWS re:Invent 2022 Keynote
November 29th, 2022
Highlights from the AWS re:Invent Keynote with Peter DeSantis
November 29th, 2022