Despite the fact that cyberthreats have never been more prolific or problematic, the majority of organizations believe they lack the cybersecurity talent needed to stem the flow of cyberattacks. In fact, 82 percent of IT professionals think there is a shortage of cybersecurity expertise.
Today’s cyber criminals are clever, sophisticated, organized and typically determined to profit from the theft of sensitive data – by selling it on the dark web or by extorting organizations with ransomware and distributed denial-of-service bombardments.
Meanwhile, the security professionals who have the cybersecurity skills to perform threat hunting and forensics analysis are in high demand but low supply. There could be as many as 3.5 million cybersecurity vacancies by 2021, according to Cybersecurity Ventures.
It’s the perfect storm to stress small and medium-sized enterprises (SMEs): A harrowing cyber threat landscape paired with a shortage of the necessary experts to protect these businesses from criminal hackers.
Implementing a security operations center (SOC) provides an ideal approach to protecting organizational resources from cyberattacks. However, SMEs until recently have lacked the means to deploy the requisite people, processes and technologies for a fully functional SOC.
Even SMEs that incur the cost of owning a security information and event management (SIEM) solution struggle to aggregate and correlate thousands of daily security alerts. Furthermore, hackers can strike at any time of the day. Adequate threat detection and response requires 24/7 staffing of security engineers capable of investigating, triaging and responding to indicators of compromise in real time. It’s a tall order given the global infosec talent gap.
SOC-as-a-service, or SOCaaS, provides the following benefits:
- Access to a team of security experts
- Centralized visibility with actionable outcomes
- Never deal with annoying false alarms
- A simplified and predictable pricing model
Great Lakes Computer is offering SOCaaS.
Great Lakes Computer provides expertise in remediation and repair of infected IT. Arctic Wolf provides single pane of glass visibility into your security solutions—and the dedicated security engineers to stand guard, day and night. Together, we’ll help you keep your data safe.
*This blog was originally published on Arctic Wolf.
Bring Your Own Device (BYOD) is jokingly referred to in some IT circles as “Bring Your Own Disaster”. While it offers a great opportunity to reduce costs and make employees happy, it’s still crucial to protect your organization’s data.
GROWING IN POPULARITY
BYOD had its genesis probably about 10 years ago with the advent of the iPhone. Up until that time people had the choice of a flip phone or a Blackberry. Many companies were outfitting their employees with Blackberries paying for the devices and the service. With the iPhone (introduced in 2007) and even the Android (introduced in 2008) there were more choices and as a result many employees wanted that choice, wanted to be able to use their own “smart phone” vs a company issued device. Add in there the Great Recession starting in late 2007 and companies were more than happy to let users bring their own phones and cut that line-item expense of providing one for them.
People come and go with their own phones and are more productive because they can receive business email and text while out of the office and there isn’t the extra cost for the device. Some companies have even extended the BYOD universe to include tablets and personal laptops. No harm, no foul, huh? As Lee Corso would say “not so fast, my friend.”
The issue with BYOD is that you have devices that are largely out of the control of the organization containing your vital information. Emails with and without important attachments, text messages and custom applications – all of this sits on phones owned by your employees. If and when they leave, what policies or agreements to you have with the now former employee that allows your company to take control of the device for the purpose of retrieving your data or at least making sure it is misappropriated?
Let’s go beyond that issue to a potentially more serious ones. Your network, containing all of your important information, not to mention data that may be protected by regulations, has all sorts of access points from servers to laptops to desktops. As a company, you have control (or at least can implement) over those devices through group policies, anti-virus, etc. But what about those BYOD devices? Can you implement best-practice security controls over the devices? Can you install anti-virus on those devices and monitor their activity? Can you at the very least impose encryption on the devices so that when they are stolen or accidentally left somewhere (such as a cab or at airport security) the information and access to those devices is protected?
How can the problem be even worse? With BYOD policies, is your organization at least aware of all of the devices that are allowed access to your network and to your data?
HOW BEST TO HANDLE BYOD
Don’t mistake this article for being a “sky is falling” on BYOD (although with the above tone, I can surely understand why you may). BYOD definitely has its advantages in cost, appeasement to employees and the ability for them to stay connected when they want, or are needed to stay connected. However, with each new technology and fad, care must be taken to understand the security implications so that your organization isn’t caught blind-sided by a poorly implemented policy.
The first thing to consider is a review of what policies your company has for BYOD and the protection of your data. Work with outside counsel to come up with the best plan for your company because it is not a situation of “one size fits all” (is there ever?). Things to consider are:
- What security measures are forced down on BYOD devices so that your data is protected?
- Is it made clear to employees that while they own the device the company owns its data on the device and can take certain measures with the device because of that data ownership?
- Can the company account for all BYOD devices that have its data and what data is on them?
- What is the policy regarding BYOD devices when the employee leaves the company?
Like Ben Franklin said, “An ounce of prevention is worth a pound of cure” and I’ve seen many times in the case of BYOD devices, an ounce of prevention is an ounce well spent.
This article was written by a partner company, Vestige.