Responding To High-Level Cyberattacks on A Mid-Level Budget

By Jesper Zerlang, CEO, LogPoint

Protecting your business against threat actors is no small task. Not only has the number of cyberattacks increased dramatically during the last year, but attacks are also becoming increasingly complex.

Organizations’ attack surface is expanding due to the quick advancement of digital transformation. The COVID-19 pandemic has significantly increased remote work, and businesses are using a growing number of SaaS solutions and applications, conducting more and more business online.

Simultaneously, cybercriminals are developing their techniques. For example, next-generation supply chain attacks have increased by 650 percent in 2021, and the number of victims to double extortion has risen an astonishing 935 percent in 2021. We also saw one of the most critical vulnerabilities of our time, Log4Shell, discovered in December, putting all organizations at risk for many years to come.

For a long time, people – especially management level – have assumed that the larger the organization is, the bigger the cybersecurity threat. Media tend to cover the cyberattacks hitting large companies, critical infrastructure, or governmental institutions, fueling the belief even today. It is time to revisit and disprove the assumption once and for all and address cybersecurity management in the mid-market.

Detecting and responding to threats in the mid-market

In today’s threat landscape, no company is safe from cybercrime. Verizon’s 2021 Data Breach Investigations Report reveals that small organizations are closing in on large ones regarding data breaches, with 307 in large and 263 in small. The genuine threat poses a massive dilemma for the mid-market: Who handles cybersecurity and how? My experience tells me that many middle-sized businesses place security administration with the IT department. Either they don’t have dedicated cybersecurity professionals to detect and address the inevitable security incidents at all, or they have very few.

Meanwhile enterprise-level companies typically have 30, 50, or 100 security analysts to monitor and respond to indicators of compromise in a dedicated security operations center (SOC). Leaving security operations in the hands of the general IT department is the same as asking a neurologist to diagnose and treat heart disease. Although competent, the neurologist might overlook something critical or choose a sub-par course of action to handle an identified problem because the skill level is unsuitable. The risk becomes that a small problem turns into a big one.

Cybercriminals slipping through the cracks

Although general IT professionals are highly competent at IT operations, they do not typically understand the threat landscape in-depth or know how to detect and respond to threats appropriately. Even if a business invests in sophisticated and complex platforms to protect against cyberattacks, the lack of expertise prevents it from leveraging the features. Many cybersecurity vendors only build security operations platforms to optimize enterprise-level SOC’s, a solution far above a middle-sized organization’s budget and skill level.

The lack of expertise puts the organization behind the curve, decreasing chances of overcoming a security breach without financial or reputational damage. Cybercriminals only need one opportunity to slip through the cracks and breach your system, e.g., exploiting unpatched software or getting an employee to click a malicious link.

Winning a seemingly losing battle with AI

There are ways for organizations in the mid-market to circumvent the issue of lacking the expertise to ensure a strong cyber defense. Some organizations turn to managed security service providers (MSSP), providing security services 24/7 in a SOC with the necessary capabilities to detect and respond to cyber incidents. Others turn to automation technologies to automate the SOC and eliminating human intervention as much as possible.

No matter which direction mid-level organizations take to bolster their defenses, there is a need for a consolidated and holistic approach to cybersecurity. Businesses need to stop running after best-in-class tools, and leverage AI and automation maturity to simplify security operations and ensure effectivity. An AI-driven system allows you to detect threats and execute a response automatically, either in-house or through an MSSP.

About the Author

Jesper Zerlang, CEO, LogPoint. Jesper Zerlang is a passionate proponent of increased cybersecurity awareness at the Executive and Board level, and champion of the integration of cybersecurity as a core component of any business strategy. Jesper has been the CEO of LogPoint since 2009 and has led the company to become one of the dominant Cybersecurity vendors in Europe, now expanding throughout the world. He has more than 25 years’ experience in the IT industry and has held executive management positions at Telia Company, Dell Computer and Compaq. His strong customer and partner focus, passion for his employees and strong entrepreneurial spirit sparks innovation and growth at LogPoint. He has supplemented his leadership skills with executive management programs at Harvard Business School. He can be reached at [email protected] and at our company website https://www.logpoint.com/en/.