It’s no secret that the threat of ransomware is showing no sign of slowing down, especially as organizations around the world come to terms with hybrid and remote working. The impact of an attack can be severe to say the least – according to the UK Government’s 2022 ‘Cyber Security Breaches Survey’ 39% of UK businesses identified a cyber-attack in the last 12 months. 83% of these businesses reported phishing attempts, and 26% identified a more sophisticated attack type such as a denial of service, malware, or a ransomware attack.
Unfortunately, businesses overestimate the role of technology in preventing attacks. Just as a manager of a sports team wouldn’t bank on their star forward to win every game, organizations should think about diversifying their approach to security.
Businesses cannot solely rely on technology
Given the growing volume and severity of these threats, smaller businesses are investing heavily in technology to protect against the risk of a devastating attack. Enter Endpoint Detection and Response (EDR) solutions, an increasingly popular automated technology that can be deployed to detect and help remediate possible threats before they become dangerous.
The trouble is, the majority of EDR detections are never investigated, throwing a spanner in the works for the notion that tech should support and augment human expertise. Alerts to threats are one thing, but finding a way to action them and prevent further intrusions is a whole other ball game.
This lack of response to alerts might not be as surprising as it sounds. In the same way that an onslaught of e-mails or phone calls at work can throw you off your stride, receiving too many EDR notifications can cause even the most experienced IT administrator to experience a kind of ‘decision paralysis’, ultimately leading to a failure to adequately address the problems the technology has identified. Pressure can ramp up to the point where turning off an EDR solution seems like the only play – a concerning trend whereby fatigued IT staff have simply reached their limit of cyberthreat tolerance.
Founder and CEO, Malwarebytes.
Cultivate a ‘defense in depth’ approach
While increasingly advanced technology is clearly here to stay, so is the need for human support and intervention (after all, as we’ve seen with the likes of ChatGPT, even the most sophisticated technology can suffer unexpected outages). Particularly for often understaffed SMBs wearing multiple hats with competing responsibilities and priorities, simply spotting the problem is not enough. They need additional support to efficiently solve issues in real-time.
Security professionals can look to the alarming rise in fileless malware, which has evolved to evade a range of the modern solutions readily available to businesses in the market. Firms are continuously grappling with sophisticated encryption-based attacks, with recent statistics revealing that these stealthy attacks account for a staggering 50% of cyber breaches globally.
A winning strategy emerges from the interplay between technology, automation, and the indispensable role of human oversight. While advanced technologies and automated solutions play a pivotal role in detecting and mitigating threats, relying solely on them overlooks the critical contribution of human involvement: investigating Indicators of Compromise (IoCs) within a specific environment to determine whether there is in fact a threat.
From identifying attack vectors and tracking advanced behaviors to eventually executing strategies that counteract cybercriminals, expert IT professionals should be seen as the ‘point guards’ of a cybersecurity approach – holding it all together and pulling the strings.
As a response to the growing threat, SMBs need to strike a delicate balance. They must obtain the right tools, training, and support to increase their ability to prepare for, interpret, and respond to emerging threats effectively.
Move away from reactive measures
Fortunately, there are solutions out there that strike this delicate balance, particularly for those SMBs without a Security Operations Center (SOC) or a dedicated team of threat analysts. As we know, the volume of threats looming over businesses with limited knowledge and resources is simply too much for most to handle.
That’s why we have seen the rise of Managed Detection and Response (MDR) solutions. We tend to look at endpoint protection as the lock on the door, EDR as the surveillance camera and MDR as the actual bouncer at the door. MDR offers businesses an end-to-end answer to this mounting struggle against threat actors.
By offering advanced technology alongside highly skilled analysts as part of dedicated incident response teams, MDR is an example of how businesses can lean on professionals to get the help they need. Having a task force of security professionals continuously monitoring the safety of endpoints and IT infrastructure enables the detection of threats – and often their eradication – before they can cause tangible harm.
Expert analysts receive insights using advanced technology, allowing them to proactively eliminate existing threats early on or reduce the amount of time a potential threat is left unchallenged. They can then propose a tailored approach to patching the relevant vulnerability and remove all remnants of the threat actor.
Having incident response teams will play an increasingly vital role in fortifying SMBs’ security posture, as they remind us that more technology should not sideline human involvement. Just as a successful sports team blends strategy, teamwork, and individual expertise, organizations must incorporate the irreplaceable value of human expertise in their defensive line-up.