Fully-Managed Cyber Services

Chris Swagler | September 26th, 2024

Research indicates human adults make upwards of 35,000 decisions every single day (1). These decisions, especially as they compound and carry impactful consequences, can create stress which, as we can all attest, leads to shoddier decisions being made. There is a demonstrated link between emotions and the often unconscious and convoluted nature of decision-making, and emotions can influence outcomes. While there is not necessarily a negative correlation, the connection is worth consideration.

Image Source: Lerner, Jennifer S., et al. Emotion and Decision Making. June 2014 (2)

Within high-stress jobs and work environments, particularly those in which there is a legal or business need to secure highly sensitive information, clear-headed decision-making is vital to ensuring the best possible outcome for the organization and its clients. Emotions, including mental fatigue, can have a tremendous influence on the nature and manner of decision-making. When considering cybersecurity, it is important that decisions are forward-looking and promote enhanced resilience, not situational or reactive.

When organizations are unprepared for a cyber incident in their policies and practices, more decisions have to be made quickly when the proverbial house is set on fire. Definitionally, many of these decisions will be instantaneous and not meaningfully considered beforehand. This is particularly true about contingencies and unintended consequences that could have been identified and planned for if uncovered in an Incident Response (IR) dry run. Preparation is a significant component of overall resilience.

As cyberattacks continue to increase, having more than doubled in frequency since the global COVID pandemic, the likelihood of an incident against those who are un- or under-prepared to respond strategically and in a well-practiced manner becomes close to inevitable (3). It follows that poor decision-making will follow a similar trajectory.

According to research published by S&P Global, “across sectors, 42.7% of companies have a cybersecurity response plan and test it at least annually. However, one in five companies do not have a plan or procedure in place at all” (4). Most companies, in other words, are not adequately prepared for a cyber incident, which for many of them is sure to be a costly choice.

Once unprepared business decision-makers are confronted with managing a cyberattack, they are required to make reactive decisions to neutralize the breach, safeguard critical data, minimize operational downtime, protect revenue, and so on.

Consider an active cyber incident in which a threat actor has infiltrated an assumed secure network and essentially shut down operations: Where does one start? Should you isolate infected devices? Delegate roles and responsibilities? Call a cybersecurity company with IR capabilities? Get a firm grasp of your hair and pull? Report the ransomware attack to authorities? Call the company law firm? And once the first decision is made, what comes next?

If the plan is to hand off remediation responsibility to the internal IT team, who may or may not be equipped to effectively handle such an incident, it is likely this team is already affected by alert fatigue. Data indicates that 32% of an average team’s day is spent investigating incoming alerts that are false positives and only 49% of incoming alerts are reviewed daily (5). At every turn, the decision tree will expand and become more complex, adding natural and unintended consequences. The combination of exhaustion, cybersecurity gaps, and lack of preparation is indeed problematic.

(Just thinking about making hypothetical decisions can be exhausting.)

BUILDING SUSTAINABLE RESILIENCE

To limit fatigue related to cybersecurity-specific decisions and any concern regarding the efficacy of whatever cyber system is in place, there is one choice that can serve as a significant respite: engage with a fully staffed, properly configured, service-oriented, fully-managed, 24/7/365 Security Operations Center (SOC) that has a response playbook in place and can serve as an extension of your team.

A SOC of this description has within it the tools, trained and certified staff, threat intelligence, and wherewithal to identify, assess, and remediate discovered lapses and active threats with clear-minded and prepared decisions.

A fully-managed SOC can enhance other aspects of an organization as well. Most entities are not in the cyber business. As a result, their goals and growth strategies are not typically cyber-first programs. They are more likely related to product development, service enhancement, revenue growth, or increased customer engagement.

Engaging with a SOC allows clients to focus on these core business strategies without sacrificing time, capital, or decision points on cybersecurity enhancement. SOC teams can relieve that burden from the shoulders of business leaders and act, in some ways, as a de facto cyber consultant.

Beyond these critical functions, a SOC can help business leaders develop a comprehensive plan and even practice how they would respond if an incident were to occur. Tabletop exercises are one way this can happen. Their point is to strengthen the collaborative planning and decision-making of the incident response team with respect to technical, executive, and functional processes and responsibilities. Doing so shrinks the decision-making tree in the event of a live cyberattack and empowers a full-team response instead of having some wait for others to decide or to work out how and what to delegate.

Planning your difficult decision-making processes while calm, of clear mind, and with the assistance of cybersecurity experts will lead to a more confident, cohesive, and comprehensive response to an attack.

Additional cyber-related decisions that a SOC team can help relieve concern regulatory or industry-led compliance, any network-related technical issues, or updates to policies, procedures, and personnel training. Each of these, and the many other areas in which a SOC can be of valuable service, represents a host of decisions that can be made with the assistance of a team who has made them repeatedly.

The truism of a cyberattack being inevitable does not have to mean devastation, data loss, downtime, or a decline in client satisfaction. Preparation in the form of working with a fully-managed SOC can bolster defenses, boost readiness, and build confidence within businesses. Make reaching out to SpearTip to learn about their cybersecurity services, which include a fully-managed SOC, the next great decision made by your organization.

Sources

  1. Reill, Amanda. “A Simple Way to Make Better Decisions.” Harvard Business Review, 5 Dec. 2023. hbr.org, https://hbr.org/2023/12/a-simple-way-to-make-better-decisions#:~:text=The%20average%20adult%20makes%2033%2C000,Writing%20or%20journaling%20can%20help.
  2. Lerner, Jennifer S., et al. Emotion and Decision Making. June 2014, https://scholar.harvard.edu/files/jenniferlerner/files/annual_review_manuscript_june_16_final.final_.pdf.
  3. Natalucci, Fabio, et al. Rising Cyber Threats Pose Serious Concerns for Financial Stability. International Monetary Fund, 9 Apr. 2024, https://www.imf.org/en/Blogs/Articles/2024/04/09/rising-cyber-threats-pose-serious-concerns-for-financial-stability.
  4. S&P Global. With Cybersecurity Risks on the Rise, Some Sectors Can Do More to Prepare. 8 Nov. 2023, https://www.spglobal.com/esg/insights/featured/special-editorial/with-cybersecurity-risks-on-the-rise-some-sectors-can-do-more-to-prepare.
  5. IBM and Morning Consult. Global Security Operations Center Study Results. Mar. 2023.
