Roundtable Report: Cybersecurity Challenge at Breaking Point


At our recent roundtable, IT leaders from the public and private sectors came together to discuss the cybersecurity challenge. Steve Timothy, our Cybersecurity Specialist Director, unpacks the insights and shares actionable advice.

It isn’t every day that IT leaders from different worlds come together for a frank conversation. However, the depth of the cybersecurity challenge and worsening economic conditions were enough to bring even the busiest and most in-demand figures in the industry to the table for critical talks. 

The need for strong cybersecurity is no new phenomenon, but cyber threats are growing in intelligence and agility. Throwing money at extra defences isn't enough; that’s only half the story.

Your cybersecurity strategy needs to evolve with your technology setup, employee behaviour, and threat level. 

We discussed overcoming alert fatigue, implementing countermeasures, solving resource issues, and obtaining comprehensive detection and response. Let’s examine each point and unpack the insights from our attendees.

Cybersecurity challenge 1: organisations are falling victim to alert fatigue and missing warning signs

Alert fatigue is real, and it doesn’t just apply to large organisations such as nuclear power plants, manufacturers, and financial institutions. When resources are stretched thin, it can be easy to miss the small details indicating that something isn’t right.  

The same is true of cybersecurity. A multitude of nuanced threats exist, and it is difficult to multitask across systems and services. These cybersecurity challenges stretch an organisation’s resources and can overwhelm people, increasing the risk of human error. 

Colin Lock, Cyber Security Business Manager at Ricoh, weighed in. “We regularly hear about employees being stretched and bombarded with alerts. Some experience thousands in a day. In addition to their usual busy workloads, they find it a challenge to know which threats are actionable priorities.”

Attacks are evolving in sophistication. Organisations might miss the warning signs due to a lack of resources, training, or appropriate notification systems. This means they may not even realise they’ve been compromised until their operations are affected. At this point, it’s usually too late to update their cybersecurity measures.

With bidding and tendering coming up in the spring, getting this right is paramount. Airtight cybersecurity compliance is often a prerequisite for procurement, and governments are cracking down on the rules.

So what is the solution?

Roundtable participants agreed that a Managed Detection and Response solution (or MDR) could help with these issues. But what exactly is MDR?

What is Managed Detection and Response?

Managed Detection and Response is an outsourced package that provides organisations with capabilities to detect cyber-attacks, respond when they occur, and help recover where necessary. This is an enhanced level of cybersecurity protection. It lifts the problem from the shoulders of IT teams and leaders, allowing them to place the responsibility with experts who are better resourced to meet the ever-evolving challenge of cybersecurity.

Cybersecurity challenge 2: organisations rely on SOC or SIEM services alone — but more can be done.

The acronyms SOC and SIEM stand for Security Operations Centre and Security Incident Event Management, respectively. But the acronyms don’t matter as much. The key takeaway that organisations need to get right is maintaining a proactive process that both protects from and prevents threats. 

SIEM platforms are expensive, need to be configured and optimised correctly and need to be maintained on an ongoing basis. This requires skills and availability that are often not present in the IT team.

Some businesses set up their own on-site SOC, populating it with full-time, expert staff. However, this is expensive and resource-intensive, and it is only set to become more so in the current, increasingly sparse global market of IT professionals.

According to GOV.UK, 30% of cyber firms in 2024 so far have faced a problem with a technical skills gap. There has been a significant decline in reported skills gaps across many areas, for instance security testing (23%, down from 35%). In contrast, the skills gap for cryptography and communication security has increased (24%, up from 12%).

These teams are also only available and responsive during working hours, limiting their ability to detect threats instantaneously.

Outsourced SOC

Alternatively, some businesses opt to outsource the operation of their SIEM platform to a third party that will oversee critical alerts.    

While an outsourced SOC/SIEM service can provide valuable cybersecurity insights, it usually leaves the onus on businesses to confront the challenges identified. The service is not on-site and is removed from the source of the problem. Imagine a police service fifty miles away calling to inform you of a break-in at your house—would that make you feel safe? 

Both options – insourcing and outsourcing – can provide a fragmented and incomplete approach. They both lack the comprehensive, end-to-end detection and response an MDR service can provide. 

As cyber threats evolve, businesses must move beyond passive or fractured solutions to proactive, exhaustive processes.

Cybersecurity challenge 3: companies have passively relied on insurance to reimburse losses — but this is no longer enough

By 2025, the cyber insurance market will hit $14.8 billion annually, and predictions indicate cybercrime will cost the world $30 billion annually by the same date. This rise in attacks and payouts happens when companies passively rely on reimbursement rather than solving the problem at the source. This is especially concerning considering that ransom bills are on track to increase 5X by the end of 2024, and 32% of attacks so far have started with an unpatched vulnerability.

Steve Timothy, Cyber Security Specialist Director at Ricoh, said, “Insurance companies are tightening criteria. Soon, it will become more difficult to recoup losses from cyberattacks. We must also emphasise the importance of optics when going through lengthy legal processes to recoup losses; organisations want to be known as stellar service providers, not remembered as victims after an attack.”

While insurance is a business essential, its value comes after the fact. It is responsive, not preventative, and it can’t recoup the loss of time or reputation once a cyberattack has compromised a company’s integrity. Expensive legal cases to recoup losses keep companies in the public eye — and not in a positive light.

Cybersecurity challenge 4: employee awareness and consistent training are essential at all levels of business

Often, well-intentioned or busy employers schedule annual or bi-annual cybersecurity training, thinking doing so is enough to tick the right boxes. They make the mistake of thinking many other tasks take priority.

Technologies (and criminals!) develop and adapt very quickly. Cybercriminals also enjoy increasingly large budgets and sophisticated set-ups. Therefore, training needs to keep up. 

Frequent, updated training also keeps cybersecurity a priority in employees’ minds and demonstrates that employers take it seriously, facilitating a culture of safety at every level of business.

The Solution – Managed Detection and Response

Introducing MDR delivers a significant step forward in cyber resilience in a short timeframe, mitigating the risk of alert fatigue and human error when the proper resources and structures are not in place. 

Additionally, it offers comprehensive end-to-end detection and ongoing security improvement, which an outsourced SOC/SIEM cannot usually provide. With an MDR, businesses won’t have to rely on insurance if attacked (and lose money, time, and reputational value with partners). 

Our eBook provides more information about what MDR can do for you.

We’d like to thank all roundtable attendees for their valuable insights and contributions.

Steve Timothy

Cyber Security Expert at Ricoh UK & Ireland
