A Security Operations Center (sometimes called an Information Security Operations Center) is exactly what its name suggests – a team of technical experts in a facility dedicated to the organization’s cybersecurity. Its job is to work around the clock to minimize risks, stay up-to-date on threats and risks, and respond to attacks on computers and networks. It’s essentially the IT equivalent of a normal security center, the difference being that the team is in front of computers, not CCTV.
Threats from cybercriminals are constantly evolving: volumes of data are growing exponentially and legislation is changing fast. As technologies such as 5G and the internet of things (IoT) become mainstream, hackers and other digital criminals have even more options when it comes to gaining access to companies’ systems and data. Not only are the risks increasing, but so are the associated financial costs. According to research by Kaspersky, in 2020, the costs of cleaning up after a breach reached an average of $1.09m for enterprises.
Why do you need to invest in a SOC?
So why do only one-third of businesses have a Security Operations Center? In the past, dedicated SOCs have largely been the preserve of big companies. This was because they were expensive and consumed significant resources and expertise. But it’s also because small- and medium-sized businesses have not, traditionally, been as data-intensive as their sprawling multinational counterparts. However, this is changing for a variety of reasons, some positive and some negative.
Firstly, even the smallest businesses are now data businesses. They can mine data from customer communications for insights, monitor social media and respond intelligently, and use customer data for targeted campaigns. This can mean a lot of data. As business processes move towards total automation, the IT and technology functions in the business have to take on more responsibility for managing these increased risks. Now, more attacks are carried out by highly skilled attackers, so professional security operations teams need to work harder to block them.
In tandem with this, cybercriminals, such as the writers of ransomware, no longer just go for the big fish. Rather, they target everyone – the difference between the percentage of small businesses and large businesses attacked is now negligible. Indeed, according to a 2019 cyber-readiness study by the multinational insurers Hiscox, the average cyber-breach costs a small- to medium-sized business $77,000. Although far less than the hit on enterprises, it’s a sobering and unexpected cost to foot.
It’s time to fight back. Or, quite literally, SOC it to them.
SOCs are now for all business sizes
It’s not all bad, though. According to Kaspersky’s research, security budgets are growing. What’s more, it’s now easy and cost-effective to buy in much of the complex tech and expertise from specialists. For small- and medium-sized businesses, this reduces the cost and the headache and answers the “Where do I start?” question.
You can set up a SOC without looking at developing costly expertise in-house. There’s less hassle and costs are predictable. This removes many of the barriers to an organization launching a SOC. For mid-sized businesses, the boot (or rather the SOC) is now on the other foot.
According to Kaspersky’s Sergey Soldatov, now is the time to seize the opportunity to establish your SOC:
“Today, the market of security operations outsourcing is mature enough to effectively and efficiently manage cyber-risks for all business sizes. This has come at just the right time – the risks to all businesses are growing fast.”
Sergey Soldatov, Head of Security Operations Center, Kaspersky
Big businesses are looking to improve their SOCs too
In fact, even for large businesses, using a bought-in SOC is becoming increasingly attractive. A recent survey by the SANS Institute, which specializes in IT security, found that specialists working in SOCs had limited satisfaction with their performance but did not have a clear view of how to improve it. This is likely to be because the world of cybersecurity has become so complex that big companies are struggling to keep up with the fast-changing landscape and develop sufficient expertise in-house.
Here, the cloud offers an instructive comparison. It has revolutionized the way many companies approach their IT needs. It means that medium-sized businesses can afford the sort of sophisticated solutions that were once only available to multinationals. In fact, many global giants have also discovered that it’s more cost-effective and efficient to use outside specialists. We are now seeing something similar with security – high-end SOCs are increasingly within everyone’s reach, regardless of how big (or small) you are.