Table of Contents
"Stealth": The Increasingly Elusive Threat
"Sustainability": Quantitative Overload Hindering Sustainable Operations
"Shortage": Shortage of Human Resources
Approaching the Challenges: Building a Sustainable Security Platform
In today's rapidly evolving cybersecurity landscape, security teams face numerous challenges. To delve into the essence of these multifaceted issues, we consolidated them into three key elements (the 3 “S”): Stealth, Sustainability, and Shortage. We also explore how a security platform addresses these elements.
"Stealth": The Increasingly Elusive Threat
Cybercriminals are becoming more sophisticated, making detection increasingly challenging. In 2022, 3.75 million previously unknown malware samples were detected in emails, and the number of emails carrying undetectable malware increased by 46% compared to the previous year. Beyond common phishing emails, there is also a rise in advanced attacks that combine spear phishing with social engineering techniques.
Furthermore, Trend Micro data revealed that in Japan, 94% of incident response support cases for domestic ransomware involved attacks conducted remotely over the internet, with attackers controlling the victim organisation's devices using "human-operated" methods. In particular, the technique known as "living off the land" (environmental parasitism) is frequently used to evade detection by abusing existing system functionality and legitimate tools rather than introducing obvious malware.
According to Trend Micro data, the average dwell time (the period during which attackers remain undetected) for ransomware incidents in Japan is 5.82 days, shorter than the 6.22 days recorded during the same period last year. Attackers quickly encrypt data and demand ransoms, so defenders face the challenge of detecting these hard-to-notice attacks as early as possible.
"Sustainability": Quantitative Overload Hindering Sustainable Operations
While cybersecurity is supported by daily operations, the security field is currently experiencing a quantitative overload that hampers sustainable security operations. Security personnel deal with massive amounts of data daily. For instance, Trend Micro log data shows that from just 1,000 devices, 1.25 billion logs are collected in a mere seven days. Security teams must sift through this flood of data to identify genuinely threatening incidents effectively.
At the same time, the number of security tools and vendors in use is unexpectedly high. An IBM study found that 95% of respondents used more than 10 security tools. As the number of these tools increases, integrating and managing them effectively becomes more challenging.
Moreover, the number of publicly disclosed Common Vulnerabilities and Exposures (CVEs) reached 68 per day in 2022. Manually triaging CVE information to prioritise the risks relevant to an organisation is not feasible at this volume, which makes automated processes necessary.
"Shortage": Shortage of Human Resources
Currently, the global market faces a shortage of approximately 3.43 million cybersecurity professionals. Additionally, it is estimated that 8 full-time employees are required to handle the vast amount of security telemetry and logs. Acquiring such resources becomes extremely difficult. SOC team members spend an average of one-third of their working hours investigating/verifying incidents that are not actual threats, which further burdens already stretched SOC teams.
Even with human intervention, the workload on SOC teams at the frontlines is a concern. Around 70% of SOC members experience psychological distress due to the overwhelming and continuous flood of alerts. As the number of alerts increases, effectively processing them becomes challenging, adding to the burden. Considering the existing talent shortage, the psychological and physical burdens can also lead to employee turnover. Thus, alleviating these burdens becomes an urgent task.
Approaching the Challenges: Building a Sustainable Security Platform
To address these three challenges, it is essential to establish a cybersecurity platform that strongly and sustainably supports human decision-making. Consider the following when choosing a platform vendor:
- Data Integration and Automation: Integrate and visualise a comprehensive picture of cyberattacks by consolidating diverse and vast amounts of data. By integrating security telemetry and logs based on relevance, the prevention of oversight of critical events and the elimination of disjointed incident response processes can be achieved.
- Threat Intelligence-Driven Detection and Response: To detect increasingly stealthy cyberattacks, it is necessary to perceive various attack techniques as a "series of attacks." Integrating threat intelligence into incident response processes enables early detection of attack indicators through advanced correlation analysis.
- Transition from "Best-of-Breed" to "Best-of-Platform": Improving the defence capabilities of individual tools alone cannot uplift overall security. Construct your own security as a platform, maximising the utilisation of existing security tools, minimising operational costs, and expanding functionality through integration with other tools to achieve sustainable security operations.
- Consideration of Professional Services: Establish a security structure by determining the range of priorities that your organisation should focus on, while considering external support. Define policies/processes and assets to protect within your organisation and explore the utilisation of external resources to acquire the necessary expertise for your security team.
Data-driven analysis and insights enable faster and more effective responses, contributing to the establishment of a sustainable cybersecurity foundation. Throughout this article, we have presented approaches to the challenges and issues in modern cybersecurity. To counter advanced threats, sustainability and innovative technology are indispensable. Trend Micro offers extensive knowledge on cyber threats and provides a sustainable security platform, enabling data-driven decision-making for everyone.
For more information about the benefits of a cybersecurity platform, check out the following resources: