SOAR platforms are the latest security innovation to help organizations thwart cyberattacks and stay secure
Data breaches are the new normal, whether you like it or not. Breaches have expanded beyond financial services, where most of the money lives (the biggest motivation for cybercriminals), and governments into healthcare, education and other business sectors as well.
On New Year’s Eve, criminals launched a cyberattack on the Travelex network and forced it to shut down its systems for ransom. The hackers claimed they gained access to the company’s systems months ago and were able to successfully download 5GB of sensitive customer data, including dates of birth, credit card details and insurance numbers. Travelex websites across Europe, Asia and the U.S. were offline for more than two weeks, with a message to visitors that they were down for “planned maintenance.”
The key here is the breach timeline, in which cybercriminals successfully evaded the enterprise security layers to get hold of sensitive data. The time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes, whereas the time to discover a breach is more likely to be weeks or months. For payment card compromises, for instance, discovery is usually based upon the fraudulent use of the stolen data (typically months), while a stolen laptop will usually be discovered much more quickly because it is relatively obvious when someone has broken the glass out of the car door and taken the laptop.
Many organizations don’t even inform their customers when a breach has occurred in their environment. Even when it is revealed, often organizations will claim that only a few customers were affected.
How Much Could a Breach Cost a Company?
Security incidents are a common thing for security teams; however, big security breaches are not so frequent. Managing crisis situations is not an easy task—it requires an organization-wide effort that is well-integrated, concerted and coordinated. While most organizations have or should have a cadence to manage incidents, very few are prepared to deal with a crisis such as the situation mentioned above and have a well-thought-out plan in place if needed. With the increasing regulatory and reputational pressure and due to the impacts of cyberattacks and data breaches, it is increasingly important to prepare organizations to manage a cyber crisis by putting a documented and tested cyber incident response and crisis management plan in place.
Even a small breach could cost a lot for any company, with respect to the money that goes into recovering the organization from the breach, brand damage, customer loyalty and reputation—the average cost of cybercrime to a company is $3.92 million USD.
In Equifax’s latest Securities and Exchange Commission filing, the company estimated it has spent about $1.4 billion recovering from its 2017 data breach that exposed the PII of 148 million customers, including a $690 million charge made during the first quarter of 2019 related to outstanding litigation and potential fines related to its 2017 cybersecurity incident. Any large company could face a comparably huge cost if its cybersecurity strategy doesn’t provide resiliency.
The Catastrophic Damage a Cyberattack Could Cause
U.S. government researchers believe it’s only a matter of time before a cybersecurity attack on an airline occurs. Government documents discuss recent research probing airplane vulnerabilities in which a Department of Homeland Security (DHS) team successfully remotely hacked a Boeing 737. Reports indicate that it is continuing to investigate how exposed commercial aircraft are to cyberattacks, and that hacking into a plane may lead to a “catastrophic disaster.”
Cybersecurity will be the world’s fastest-growing industry by 2026, according to a 2019 industrial market report, and a 2017 cybersecurity venture report predicts 3.5 million job vacancies by the end of 2021, which is a huge opportunity for security service providers to help fill the skills shortage gap.
The Latest Cybersecurity Innovations for Enterprises
With breakthrough technologies and innovations in the cybersecurity space such as artificial intelligence, machine learning and user behavior analytics, security teams are getting more effective at finding breaches earlier and faster. The time it takes to detect security breaches is being reduced significantly, from years to months and from months to weeks and days, with innovations in technology making it easier for enterprise security teams or SOC analysts to analyze and respond to security incidents.
At the top of it all is security orchestration, automation and response (SOAR), a purpose-built platform to help security operations teams analyze the large volume of security events generated from the proliferation of security tools deployed in an enterprise. SOAR helps ensure that the disparate security tools are connected, processes are standardized and followed and people collaborate to effectively respond to security incidents.
A SOAR platform provides the orchestration capability to integrate all heterogeneous security tools into a single console, so that an incident occurring in the network can be investigated with enriched details, including data pulled from across the set of tools, to make the appropriate decision and act swiftly. In addition, a SOAR platform provides the capability to automate the mundane tasks that security analysts spend most of their days on, while still leaving them able to review the incidents that require human interaction. The platform also helps empower the security analysts to perform high-value activities and help improve the overall productivity of the SOC team, enabling them to focus on addressing security advisories.
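The orchestrate, automate and escalate flow described above can be sketched as a small playbook. This is an added example, not code from any SOAR product: the connector tables, hostnames, triage policy and function names are all hypothetical, and the sample alerts are constructed.

```python
"""Minimal SOAR-style playbook: enrich an alert from several tools, then triage."""
from dataclasses import dataclass, field

# Constructed stand-ins for tool connectors (threat intel, EDR, asset inventory).
# A real platform would query each product's API; this data is hypothetical.
THREAT_INTEL = {"203.0.113.7": "known-c2", "198.51.100.20": "scanner"}
EDR_ISOLATABLE = {"ws-042", "ws-107"}
ASSET_CRITICALITY = {"ws-042": "low", "db-001": "high"}

@dataclass
class Incident:
    alert: dict
    context: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)
    status: str = "new"

def enrich(incident):
    """Orchestration: pull context from every connected tool into one record."""
    a = incident.alert
    incident.context = {
        "intel": THREAT_INTEL.get(a["remote_ip"], "unknown"),
        "criticality": ASSET_CRITICALITY.get(a["host"], "unknown"),
        "can_isolate": a["host"] in EDR_ISOLATABLE,
    }
    return incident

def triage(incident):
    """Automation: close noise, contain clear-cut cases, escalate the rest."""
    c = incident.context
    if c["intel"] == "scanner":
        incident.status = "closed-benign"
    elif c["intel"] == "known-c2" and c["criticality"] == "low" and c["can_isolate"]:
        incident.actions.append(f"isolate:{incident.alert['host']}")
        incident.status = "contained"
    else:
        # High-value or ambiguous cases go to an analyst with context attached.
        incident.status = "needs-analyst"
    return incident

def run_playbook(alerts):
    return [triage(enrich(Incident(alert=a))) for a in alerts]

# Constructed sample alerts (documentation-range IPs, hypothetical hosts).
SAMPLE_ALERTS = [
    {"host": "ws-042", "remote_ip": "203.0.113.7"},
    {"host": "db-001", "remote_ip": "203.0.113.7"},
    {"host": "ws-107", "remote_ip": "198.51.100.20"},
    {"host": "ws-107", "remote_ip": "192.0.2.99"},
]

if __name__ == "__main__":
    for inc in run_playbook(SAMPLE_ALERTS):
        print(inc.alert["host"], inc.status, inc.actions, inc.context)
```

Only the first alert is contained automatically; the same indicator on a high-criticality database server is routed to an analyst with the enrichment attached.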