The ongoing cyber security skills shortage, increasingly complex infrastructure and a growing volume of security alerts are making it harder for South African organisations to remain cyber resilient.
This is according to speakers at an Arctic Wolf webinar on security transformation, presented in partnership with ITWeb.
Polls of webinar participants revealed that 69% had experienced an increase in cyber attacks, and that their biggest security challenge was a lack of security skills and resources, with 55% saying this was a top problem. Other challenges included too many tools and associated alerts (17%), a lack of coverage of the entire attack surface (11%), the rising costs and limited coverage of cyber insurance (8%) and compliance and regulation (5%).
Jason Oehley, regional sales manager at Arctic Wolf, said these findings aligned with global trends. “There has been a significant increase in attacks and attempted attacks globally, with 41% of organisations seeing over 10 000 alerts a day. Analysts say an organisation needs at least eight people to run a 24/7 cyber security team, yet some organisations have no security skills in-house at all. The security skills gap is a massive challenge in South Africa, with 32% of local companies saying they have cyber security skills gaps,” Oehley said.
He noted that the skills shortage and the rising volume of alerts were causing teams to ignore alerts. Arctic Wolf research found that 55% of respondents had ignored a known cyber security issue to prioritise another business activity, with one in five admitting to ignoring security alerts, he said.
“There are up to 3 000+ security vendors out there, and they are always coming to market with new tools, so cyber security is no longer a tools issue, but an operational issue,” he said.
Oehley said optimal security operations should encompass people, process and technology. “Those trying to build a SOC themselves must build in components such as threat intelligence, SIEM, ticketing, knowledge base, research and development, reporting, log collection, EDR, NAD, vulnerability management, SOAR, training and skills, security engineers, security analysts and resolution and guidance. Without all of this, there will be gaps in the environment that can be exploited.” He highlighted Arctic Wolf’s solutions, which incorporate all of these components to supplement security skills and enhance cyber resilience.
Andre den Hond, senior systems engineer at Arctic Wolf South Africa, said: “Many customers believe that if they cover the endpoints, they cover the entire attack surface. However, where the greatest threat lies is on the network side, representing 30% of the attack surface, followed by identity at 20%. Endpoints represent only around 15% of the attack surface.”
Den Hond said: “Organisations need to switch their thinking from a tools mindset to an operational mindset. With over 3000 security vendors in the market, it’s not a tooling problem – it’s a people and process problem. Organisations need to unify their security tech stack into a cloud resource to gain visibility across all attack surfaces and leverage the useful information from these tools. They must also focus on security outcomes – detection, containment and remediation – with broad coverage across the cloud, to reduce dwell time and risk exposure. In addition, they need security expertise to supplement their existing skills to continually build their cyber resilience.”
The Arctic Wolf solution for cyber security management
Den Hond explained that Arctic Wolf had pioneered the Security Operations Cloud with the Arctic Wolf platform built in AWS, and its Concierge Delivery Model.
“This allows us to unify security telemetry data from multiple sources across the entire attack surface in the client’s environment into the Arctic Wolf Platform. With cloud economics and scale, we share the platform across global customers. This also gives us global visibility to support our threat hunting and threat intelligence. We deliver 24/7 managed detection and response, managed risk services to contextualise and prioritise digital risk, and managed security awareness services to train employees and reinforce security awareness programmes,” he said.
The Arctic Wolf Platform does much of the ‘heavy lifting’, he said, but a 24/7 triage team investigates alerts and supplies a concise remediation plan. In addition, the Concierge Strategic Security Team of skilled cyber security experts works with customers and customises the organisation’s security journey in line with the NIST cyber security framework.