Thursday 31st October 2024
Setting the Scene
Sharing information on subject such as attack strategies, vectors, newly discovered vulnerabilities or the latest zero-day payloads is invaluable amongst cyber hacking parties to maximise the chance of successfully breaching a target. Also, employing a less skilled workforce to replicate scripted attacks on easier, sometimes smaller targets has proven to be a worthwhile strategy.
But why target the smaller fish?
Because everyone has something valuable that can be monetised. And it is fair to assume that organisations with smaller budgets can be considered easier targets due to the higher chance of gaps in their defences.
Contrary to popular belief, the effectiveness of cyber defences isn’t necessarily proportional to the budget invested in them. It is more related to the presence (or absence) of gaps, issues, or any other indicators of something that should probably not be the way it is. People, process and technology all have an impact on an organisation’s overall security posture.
And while some organisations have the ability to align dedicated, expert specialists to the task, others have no choice but to rely on shared resources who divide their time between routine activities such as keeping the lights on and looking after their organisation’s security, as best as they can.
It is these organisations that this blog is directed to.
Creating Strength through Unity
Collaborating between industry peers is an activity that has proven to be effective in increasing awareness towards the latest cyber threats and how best to defend against them, as they offer valuable insights and best practices to improve the effectiveness of security measures.
By collaborating with those aware of similar challenges, organisations can stay ahead of emerging threats and leverage shared experiences to bolster their defences. After all, this shouldn’t come as a surprise because exchanging information through social interactions is something that we have been doing for quite a long time.
However, while engaging, and encouraging others to engage, in these activities is certainly a good practice, at times it may fall short of expectations; maybe because a threat is so new that nobody has come across it yet. Or perhaps because other peers have to prioritise other important business tasks, which limits the amount of time they have available for collaboration.
Organisations also often seek knowledge from security vendors as this presents the advantage of interacting first-hand with those who constantly develop cyber security solutions. As most readers will already be aware though, vendors tend to focus on the various challenges that their technologies address in order to show the benefits and value of their own solutions, rather than the other way around.
While all information is good information, often customers have to invest time to connect the dots and figure out which solution best fits their specific, and sometimes unique, requirements and use cases. Furthermore, additional effort is then needed in demonstrating to their senior leadership teams how the corresponding spend aligns to the organisation’s strategic goals. All, while potentially dealing with other, non-security related matters.
What is Left to Do?
The process of aligning the best solution to a particular challenge may not be as simple as one might imagine. Lack of familiarity with a particular environment (e.g. Cloud, SaaS or serverless), lack of time to keep up to date with new technologies or just being overwhelmed by a myriad of bold claims by the many providers available, especially on social media channels, are just typical examples.
Some customers just need a second opinion on their research on a particular subject, others need advice on how best to fulfil a requirement while demonstrating value to their organisation. They may know enough about how various solutions work but may not necessarily be aware of how they integrate with each other, or the different levels of operational effort involved in onboarding and managing them. Something which is often overlooked.
On the other hand, resellers of cyber security solutions realise they can no longer afford to be box shifters and – instead - constantly strive to deliver additional value to their customers and prospects. Value-Add Resellers (or VARs) often boasts the delivery of sought after services such as support, professional implementation or even managed services to attract prospect customers.
VAR’s invest in their own technology experts to deliver consultative advice and guide clients in identifying which cyber security solutions best meet the presented requirements or can be tailored to address multiple use cases. These consultants have access to the latest information on technologies, thanks to their partnerships and relationships with leading vendors and their access to information which is not normally shared with the public. They use their technical skills, knowledge and experience on available solutions and their understanding of each customer’s individual situation to help them make the best possible decision in all cases.
Closing Comments
The battle against cybercrime is not one that can be fought in isolation. It requires a collaborative effort where industry peers, governing bodies, and solution providers work together to create resilient and secure digital environments. By leveraging these partnerships, organisations can benefit from the collective knowledge and make the most of what is available to stay one step ahead of cyber criminals.
We hope that you've found this article useful. If you would like to discuss any of the points in further detail with Bytes, please reach out to your Bytes Account Manager, or email [email protected].
Want to keep informed? Sign up to our Newsletter