
How can lean startups build a resilient cybersecurity posture

The cybersecurity talent crunch has been one of the perennial problems of the past years for businesses.

With industries set to continue their digital transformation post-pandemic, and with cybercrime growing in scale and complexity, the challenge is only set to intensify.

Startups, in particular, have borne the brunt of the talent crunch. Characterised by a “grow at all costs” ethos, startups have not traditionally treated cybersecurity as a business priority, with resources typically channelled to product development and user acquisition.

The fiercely competitive market for recruiting cybersecurity talent doesn’t help either. A recent YouGov survey of ICT professionals in Singapore ranked “cybersecurity” as the top specialisation lacking in tech talent. A combination of these factors has meant that startups often operate with lean cybersecurity resources, and thus become prime targets for cybercriminals.

It is little coincidence, then, that startups in Singapore and the region have found themselves on the receiving end of the biggest data compromises. These include the leak of user data records from ShopBack, Love, Bonito and RedDoorz Singapore (e-commerce, retail and hospitality startups respectively) to underground forums in 2020, and a more recent theft of 1.26 million users’ personal data from edutech startup GeniusU earlier this year.

With the talent crunch forecast to persist in the near term, how can startups address the cybersecurity conundrum?

Finding the right balance, augmenting manpower with automation

The answer lies in striking the right balance when allocating resources within the security operations centre (SOC). Simply put, a SOC is a centralised function within a business comprising people, processes and technology that work together to continuously monitor and improve its security posture through the prevention, detection and analysis of, and subsequent response to, cybersecurity incidents.


Regardless of size, all businesses could and should have an effective SOC shaping their cybersecurity posture. In an ideal scenario, a company would have a fully functional SOC manned by full-time analysts working around the clock, every day of the year to identify possible signs of intrusion and compromise that may require a response. However, we know well enough that the hiring landscape has made such an arrangement a pipe dream for most startups.

While startups can rely on a lean SOC comprising a small number of analysts who wear different hats, such an arrangement means that security events are not consistently monitored around the clock. The result is major delays in responding to many incidents, while other incidents go completely unnoticed.

The silver lining, however, is that today’s cybersecurity technologies make it possible for lean businesses to assemble a SOC with few manpower resources. Augmented with the right solutions, such a SOC can perform constant security event monitoring and analysis and detect possible intrusions effectively.

When allocating resources across people, processes and technology, startups short on manpower can have their analysts concentrate on the most complex and challenging tasks, doing away with the legions of analysts who traditionally spend most of their time on time-intensive, mundane work.

Here’s how the three factors can work together to shore up a company’s cybersecurity posture, within the limits of its resources:

People

No matter how well automated a SOC is, certain roles are fundamental and shouldn’t be replaced, in particular the security analyst and the incident responder. These roles demand a level of analysis, inter-department liaison and decision-making that cannot viably be automated, and should be staffed by a skilled practitioner at all times.

  • Security analysts work primarily in the monitoring and detection phases of a SOC.
  • Meanwhile, incident responder tasks may include conducting a deeper analysis of suspicious security events using various tools, and keeping management apprised of the status of incident response efforts.
  • On top of these two full-time roles, the security architect is also important as a part-time team member. This is typically someone within the security organisation with a deep understanding of the organisation’s security programme and infrastructure. This person would help design the initial SOC solution and oversee its implementation to ensure it is efficient and effective.

Technology

When investing in cybersecurity technology, the key lies in identifying an all-in-one platform that the SOC will be shaped around. Such a platform includes and integrates all the needed forms of security automation and incident response orchestration into a single display.

  • For instance, an all-in-one platform could centralise all forensic data that underpins effective machine analytics, which can subsequently be utilised to identify events of particular interest, eliminating the need to have people looking at the raw security event data on monitors 24 hours a day.
  • In addition, such a platform could enable automated responses: actions that are initiated without human interaction, or that require only single-click approval, which greatly shortens a team’s time to respond to an incident.

When an effective platform is combined with a sensible SOC staffing model and robust processes, there will be seamless integration, workflow, and communication for all SOC-related tasks, even in instances where an external contractor is needed.


This combination also enables immediate access to the information, data, events, and investigation records that are needed by authorised in-house and outsourced parties at any time and from any location.

Processes

  • While technology brings people and processes together, processes help people to work with each other. Robust processes ensure that collaboration at critical times is instantaneous and seamless.
  • Again, an all-in-one platform has a big role to play in coordinating processes, including sophisticated communication, collaboration, workflow, and orchestration capabilities for SOCs. An all-in-one platform is essential because it performs security automation and orchestration to ensure that everyone is kept up to date on the status and has access to all necessary information.
  • In addition, it provides staff with the tools they need to work together and route tasks from one person or team to another, and check on workflows to ensure that nothing is overlooked or handled too slowly. For example, a security analyst may mark a set of events in the platform that an incident responder needs to further investigate. The all-in-one platform provides workflow capability that transfers responsibility for the work from the security analyst to the incident responder.
  • For instance, when a major incident occurs, numerous security analysts, incident responders, and forensic specialists may all help to resolve it, and others within the organisation such as system and network administrators may also be involved.
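The Technology and Processes sections above describe three things an all-in-one platform does in prose: machine analytics over centralised event data that surface events of interest, automated responses where harmless actions run unattended and disruptive ones wait for single-click approval, and a workflow hand-off from the security analyst to the incident responder. The sketch below is an added illustration of those three mechanics in working code; it is not from the article or from any vendor’s product. The sample authentication events, user names, IP addresses, the five-failures-in-five-minutes threshold and the action names are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample auth events: (t in seconds, user, source IP, outcome).
# 203.0.113.5 fails 5 times against alice and then succeeds: likely compromise.
# 198.51.100.7 fails 5 times against bob and never succeeds: attempt only.
# 192.0.2.9 is one mistyped password followed by a login: must not alert.
SAMPLE_EVENTS = [
    (0, "alice", "203.0.113.5", "fail"), (10, "alice", "203.0.113.5", "fail"),
    (20, "alice", "203.0.113.5", "fail"), (30, "alice", "203.0.113.5", "fail"),
    (40, "alice", "203.0.113.5", "fail"), (60, "alice", "203.0.113.5", "success"),
    (5, "bob", "198.51.100.7", "fail"), (15, "bob", "198.51.100.7", "fail"),
    (25, "bob", "198.51.100.7", "fail"), (35, "bob", "198.51.100.7", "fail"),
    (45, "bob", "198.51.100.7", "fail"),
    (50, "carol", "192.0.2.9", "fail"), (70, "carol", "192.0.2.9", "success"),
]


@dataclass
class Alert:
    rule: str
    severity: str   # "medium" or "high"
    user: str
    source_ip: str


def detect(events, threshold=5, window=300):
    """Machine analytics stand-in: flag any source IP with `threshold` failed
    logins inside `window` seconds; a later success from the same IP makes it
    high severity. Nobody has to read the raw event stream."""
    by_ip = defaultdict(list)
    for t, user, ip, outcome in sorted(events):
        by_ip[ip].append((t, user, outcome))
    alerts = []
    for ip, rows in by_ip.items():
        fails = [t for t, _, o in rows if o == "fail"]
        burst_end = next((fails[i + threshold - 1]
                          for i in range(len(fails) - threshold + 1)
                          if fails[i + threshold - 1] - fails[i] <= window), None)
        if burst_end is None:
            continue
        later_success = [u for t, u, o in rows if o == "success" and t > burst_end]
        if later_success:
            alerts.append(Alert("bruteforce_then_success", "high", later_success[0], ip))
        else:
            alerts.append(Alert("bruteforce_attempt", "medium", rows[0][1], ip))
    return alerts


@dataclass
class Action:
    name: str
    target: str
    needs_approval: bool
    status: str = "proposed"   # "proposed" or "executed ..."


def plan_response(alert):
    """Automated response: low-impact actions run without a human; actions
    that can lock out a user or cut traffic wait for single-click approval."""
    actions = [Action("watchlist_ip", alert.source_ip, needs_approval=False)]
    if alert.severity == "high":
        actions.append(Action("disable_account", alert.user, needs_approval=True))
        actions.append(Action("block_ip", alert.source_ip, needs_approval=True))
    for a in actions:
        if not a.needs_approval:
            a.status = "executed (automated)"
    return actions


def approve(action, approver):
    """The single click: record who approved, then execute."""
    if not action.needs_approval:
        raise ValueError("action did not require approval")
    action.status = f"executed (approved by {approver})"
    return action


@dataclass
class Case:
    alert: Alert
    actions: list
    owner: str = "security_analyst"
    history: list = field(default_factory=list)

    def handoff(self, to, note):
        """Workflow step: transfer responsibility and keep an audit trail so
        nothing is overlooked or handled too slowly."""
        self.history.append((self.owner, to, note))
        self.owner = to


def run_pipeline(events):
    """Detect, plan responses, open a case per alert, escalate the high ones."""
    cases = []
    for alert in detect(events):
        case = Case(alert, plan_response(alert))
        if alert.severity == "high":
            case.handoff("incident_responder",
                         f"{alert.rule}: {alert.user} from {alert.source_ip}")
        cases.append(case)
    return cases


def pending_approvals(cases):
    """The approval queue the responder sees on the platform's display."""
    return [a for c in cases for a in c.actions
            if a.needs_approval and a.status == "proposed"]


if __name__ == "__main__":
    for c in run_pipeline(SAMPLE_EVENTS):
        print(c.alert, "| owner:", c.owner, "| history:", c.history)
        for a in c.actions:
            print("    ", a)
```

Running it on the constructed events produces one high-severity case for alice, already handed to the incident responder with two actions awaiting approval, one medium case for bob that stays with the analyst after the IP is watch-listed automatically, and nothing for carol.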

Ultimately, startups operate in highly competitive and volatile landscapes, where cybersecurity lapses can make or break their growth trajectory. The imperative, thus, is for companies to work around today’s competitive cybersecurity talent landscape, by empowering their existing teams with the right technologies to augment their jobs.
