Customers concerned about the financial, operational, and reputational damage that a cyber attack often creates are always looking for ways to mitigate these issues. More often than not, the conventional belief is that they need to invest in a comprehensive, but nearly always very expensive, managed security operations centre (SOC) or a security incident and event management (SIEM) solution in order to address this challenge.
There is nothing wrong with this approach, and for the most part, there is no wasted expenditure when it comes to cyber security. In the case of SOC or SIEM, (in my view), it’s akin to buying insurance in that you hope you won’t need to use, but it is there in case something happens. Unfortunately, the premiums can be eyewatering, and in some cases, selling the concept of this financial outlay to decision makers who haven’t experienced a major cyber breach can be an uphill battle for the internal and external stakeholders.
The financial realities of these types of solutions mean that a significant number of organisations either cannot afford to buy one, or have to make significant compromises elsewhere in order to find the budget for them. SOC or SIEM solutions are not a “one and done” investment, they require systems and people to work together in perpetuity, so the financial commitment is recurring in nature. Anyone who has tried to hire a cyber security professional will also know that demand outstrips supply for high quality skillsets, so the costs are high, and have been increasing above inflationary rates for the last 3-4 years; so that initial investment is also likely to increase over time.
The best security providers out there will help organisations to also improve their overall security posture proactively, but the main focus of a SOC or SIEM is to monitor and react to threats in progress, and help to mop up the mess afterwards. Dealing with a thief that’s already in your house is less desirable and more dangerous than ensuring that they cannot get in in the first place.
This is where our approach to cyber security comes into play.
By volume, the vast majority of cyber attacks are low complexity efforts to attack common weak points in known platforms. This is likely to be 80-90% of the attempted attacks on any organisation. It’s a numbers game for these bad actors as they have plenty of organisations to target. If they can’t find a way into your environment, they will move onto the next one.
It’s that old adage of “you don’t have to swim faster than the shark, you just have to swim faster than the person next to you.”
Most of the customers we work with are in the Microsoft 365 ecosystem, and in the vast majority of cases, have features in their E3 and E5 licenses that will help to mitigate a number of cyber security attack vectors that they didn’t know were there, or haven’t got the capability to configure and enable on their own.
Core has worked with a wide range of customers over the last 4 years where we have helped customers to improve their security posture through a range of simple “one and done” projects to configure and enable the features they are already paying for in their Microsoft 365 licences.
In some cases, this is a completely green field engagement where we are configuring tools for the first time and deploying them. In other cases, we are reviewing and reconfiguring tools that have been deployed, but are not fully optimising the available security features of the relevant application. These tools are evergreen in nature, and as a result, new features are added frequently; meaning a bulletproof deployment in 2019, might now be sub-optimal in terms of the protection that is technically possible today.
The outcome of these projects is a level of preventative security measures, with a degree of “defence in depth”, multiple layers of protection against unauthorised entry and exfiltration of data. The number of layers of defence will very much depend on the exact licensing in place across the estate, with customers using E5 licenses having the best overall options for improving their security posture.
In our Risk to Resilience Webinar, we talk through some of the best features of the E3 and E5 licenses that we have found customers haven’t fully exploited. We also give some real life examples of where these tools have been deployed, the benefits delivered, and structural cost savings that we have also helped customers realise when we have enabled them to deprecate a third party security application that was duplicating features they were already licensed for.
If you would like to view this on-demand webinar, please visit https://www.core.co.uk/webinar-on-demand-from-risk-to-resilience.
The webinar is focussed on Public Sector clients, but the elements we discuss are just as valid for private sector customers as well, so viewers from the commercial sectors will also see value in this webinar!