Fill Your Security Gaps: Deploy the Perfect Defence Against the Perfect Cybersecurity Storm
by Scott Schlueter, CISSP, GPEN, CDPSE, Rackspace Security Solutions
Today’s organisations are facing a perfect storm that is weakening their cybersecurity posture — and at a time when they need their security defences to be stronger than ever. But the reality on the ground is threefold; there are not enough people qualified for the number of unfilled security jobs, cybercrimes are more destructive than ever, and the threats are expected to get worse.
According to a recent report by DCMS titled "Cybersecurity skills in the UK labour market 2022,” approximately 51% of businesses (697,000) have a basic cybersecurity skills gaps and 33% have a more advanced skills gap (451,000 businesses). To match this the amount of job postings each month for cybersecurity experts has increased by 58% since 2020.
It’s estimated that there is an annual shortfall of 14,100 personal compared to 10,00 in the previous year. Cybersecurity experts can demand high salaries because they are in such high demand, which often knocks small and mid-size organisations out of the race for skilled experts.
Despite the security jobs shortage, organisations must find a solution to meet their security demands because cybercriminals aren’t taking any time off. Additionally, the attacks are getting more frequent, sophisticated and destructive.
The Fortinet threat intelligence report from the second half of 2021 found that a rise in the automation and the speed of cyberattacks is creating an environment for cybercriminals to launch more advanced persistent tactics that are more unpredictable and destructive.
According to SonicWall, nearly all monitored cyberattacks, threats and malicious digital assaults rose in 2021, including ransomware, IoT malware, cryptojacking and encrypted threats. There was a sustained meteoric rise in ransomware incidents, with 623.3 million attacks globally. What’s more, there was a 65% increase in “never-before-seen” malware variants.
As bad as it is right now, it will only worsen, according to Global X. “We expect the cat-and-mouse game between organisations, consumers and the cybercriminals who covet their data to intensify this year. The latest concern is a vulnerability in internet software known as Log4j that could jeopardise hundreds of millions of systems globally.”
The cost of these security breaches is climbing as well, according to IBM’s Cost of a Data Breach Report 2021. The average data breach increased from $3.86 million in 2020 to $4.24 million in 2021, the highest total cost in the 17 years that IBM has published the report.
A Perfect Defensive Move
With data growing increasingly more valuable and harder to protect, digital security has become infinitely more complex. For example, attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. The perfect defense for a perfect storm is a triple move. When it comes to security management and threat assessment today, bigger is better. You can’t patch your way out of today’s more threatening cyber landscape. You need to build a dam. And it must include the right people, processes and technologies.
The current cybersecurity staffing issue is not new when it comes to people. We’ve been experiencing adverse employment for over one decade. It’s just that attracting the right talent is more difficult now than ever before. What’s more, this is a dynamic industry with new threats developing all the time. As a result, new cybersecurity skills are needed to match the nature of the threats. And this only exacerbates the staffing challenge.
Many companies have recently chosen to work with hyperscalers and cybersecurity partners, which already have experts onboard. As a result, they are positioned to hire the best and brightest and ensure they stay current in their security skillset. In addition, by partnering with these organisations, companies can level up their cybersecurity instantly.
Choose integrated security technologies
Along with having the right people onboard, organisations also need the right technologies to build a powerful cyber defense. Many companies have approached their security needs by deploying a wide range of standalone security products from various vendors. But the stronger approach is to choose one major security vendor and build a defense architecture primarily with its products which creates a tighter and more unified wall of defense because the technologies inherently communicate with each other.
With the myriad of attacks, don’t strive to choose the best of breed. Instead, choose the most integrated solutions that will best enable your team. What’s more, this approach is easier to manage and brings down costs.
Again, making the most of your security technologies requires the right people and partners. You need people who know how to select best-in-class tools and optimise them to deliver the maximum impact, a force multiplier.
Cybersecurity is a data intelligence game, and you need vendors with the most data intelligence to create a better defense, which requires carefully choosing strategic partners.
Build a More Robust Cloud Security System
Putting the right processes in place for an advanced security defense requires coming from a place of deep knowledge about your current defence posture. Microsoft® and Rackspace Technology® created a workshop to help organisations analyse their existing strengths and vulnerabilities. The workshop also shares insight into building and operating a more robust cloud security ecosystem. It covers the complete range of understanding needed to improve your cybersecurity posture, including:
- Analyse your requirements and priorities for a hybrid cloud security detection and response solution.
- Discover existing hybrid workload vulnerabilities and learn how to reduce the attack surface area.
- Uncover threats to the included hybrid workloads and demonstrate how to investigate and respond to threats.
The workshop also provides an overview of developing the next steps to work with a pod of experts from Rackspace Technology’s Elastic Engineering (EE) for Security. Having elastic access to security professionals means you’ll have access to the expertise you need to augment your security team and fill the experience gaps compromising your defense system.
Rackspace Technology is particularly suitable for this role because, in March 2022, we joined the Microsoft Intelligent Security Association (MISA). The MISA is a network of managed security service providers who have demonstrated global delivery capabilities and managed services integration into Microsoft’s cloud-native security services and hybrid cloud technologies. Rackspace’s Elastic Engineering for Security helps businesses worldwide better defend against a world of increasing threats.
Real-world cybersecurity results
Many organisations have already participated in the workshop and are gaining a more robust cybersecurity posture. For example, a fund management company needed a more vigorous security defence to meet compliance demands on its Azure® landing zone deployment. However, the company only had one IT security person in-house. As a result, the EE for Security pod of experts reviewed the terraform templates and provided advice and prioritization on how to architect and engineer a secure Azure landing zone deployment.
Andres Salaverria, IT Director, Black Horse Carriers (A Penske Logistics Company), also relied on an REE for Security pod. The security experts helped deliver the Microsoft Hybrid Cloud Security Workshop to his in-house security team, which grew based on mergers and acquisitions. He said they’re “delivery of this workshop was critical to validate the security of our cloud environments, evaluate and get ahead of potential vulnerabilities, help us standardize our security configurations across all our Azure tenants, and to modernise our security strategy with Microsoft native security services.”
Contact us today to arrange a Microsoft Hybrid Cloud Security Workshop powered by Rackspace Elastic Engineering for Security.
AWS re:Invent Recap: 10 New Service and Update Announcements You Can’t Miss!
December 2nd, 2022
AWS re:Invent 2022 Recap
December 2nd, 2022
Highlights From Dr. Werner Vogels’ AWS re:Invent 2022 Keynote
December 2nd, 2022
Highlights from AWS re:Invent 2022: Global Partner Keynote with Ruba Borno
December 1st, 2022