Cybersecurity is an intensely technical field. It requires advanced knowledge about diverse technical topics such as authentication handshake protocols, packet spoofing, and TTP attack profiling. That's why it's so important to have skilled technical resources on hand.
It all started when I attended Gartner's 2023 Security and Risk Management Summit earlier this year, and it was echoed in several customer meetings since: I am again reminded how vital it is for cybersecurity leaders to focus on the strategic, non-technical aspects of their work as well.
Resourcing is an area of particular concern. That's because both our budgets and the global supply of human talent are problematically limited. The digital safety of the organizations we're charged with defending from cyberattack is highly contingent upon our ability to optimally allocate our financial and human resources in pursuit of minimized exposure to risk.
In fact, if you're a cybersecurity leader, your decision-making regarding SecOps resourcing may actually be more critical than incremental improvements in your technical chops. Think about it. Theoretically, you could burn through your budget quickly hiring a couple of rockstar security experts and licensing a handful of best-in-class tools — yet still wind up more vulnerable than a similar organization that simply contracted with a reasonably competent and responsive service provider for 24/7 coverage.
Here are some share-worthy takeaways from the Summit:
Takeaway #1: Balancing the hybrid SOC
Few, if any, organizations can fully staff themselves to run a SOC with internal staff alone. By the same token, unless your organization is so small that it can't afford any full-time security staff at all, there are some tasks that are best performed in-house — the most important of which is keeping external partners accountable.
Cybersecurity leaders therefore need to be very intentional about balancing their hybrid SOC models. And remember, it's not just about internal staff keeping outside contractors accountable. You also need outside adversarial testing partners to help you validate your in-house team's assumptions about your security posture — and to support you with much-needed additional bodies in the event of a challenging incident.
Takeaway #2: Consolidate your vendors
Cybersecurity technology has evolved significantly over the past few years in response to both 1) the evolution of threat actor TTPs and 2) the increased vulnerability of organizations to digital risk that's a direct consequence of their increasing dependency on digital technologies.
As a result of this evolution, most security teams have acquired more security tools and/or engaged with more external partners.
While this accretion of business relationships has probably broadened and strengthened your organization's portfolio of security resources (a good thing), it has probably also spread you a little thin when it comes to managing those relationships (not a good thing). Therefore, the recommendation is to consolidate your vendor roster — and shed non-strategic relationships.
Vendor consolidation generates several much-needed benefits for resource-constrained security teams. And those benefits go well beyond reducing the overhead consumed by vendor management and the strain on staff having to learn how to use too many tools. The fewer vendors you have, the more skin each vendor has in the game — so they're likely to be even more responsive to your needs. Also, when one vendor provides you with multiple services, there's more synergistic learning between those different services. That cross-pollination of institutional knowledge can help further strengthen your security posture.
Takeaway #3: Beware best-in-class
Technically oriented people tend to evaluate technical solutions based on their technical attributes. And that's a valid approach — to a point. According to Gartner, the issue is that purely technical evaluations can lead to portfolios composed entirely of technically superior best-in-class solutions that don't optimally address an organization's actual security challenge: maximally mitigating its exposure to business risk.
Discussions at the Summit revealed numerous viable alternatives to best-in-class thinking. The data retention capabilities included in an XDR solution, for example, might not match those of a best-in-class SIEM — but if they are sufficient for your organization's requirements, you can free up a lot of budget by simply retiring the SIEM altogether.
AI enablement offered another example. The most technically advanced AI on the market may seem compelling at first glance. But in cybersecurity, having substantially better threat intelligence supporting your detection algorithms is functionally more important than any incremental difference in the algorithms themselves.
Bottom line: A more strategic approach to the resourcing of your security operations can help you keep your organization safer within your real-world constraints of time, money, and talent. That's why it pays to be as strategic in resourcing as you are about engaging in the technical aspects of cyber defense.
To learn more about the economics of cybersecurity, download our free white paper here. You can also talk to someone at Secureworks about how you can stretch your budget further.