From the point of view of Conscia’s Security Operations Center (SOC), the year 2022 confirmed the fact that managing cyber risks in business has become a daily routine. The “battle” between criminals and companies is ongoing. We highlight three good practices that will help organizations operate more securely and successfully in 2023.
Conscia’s SOC in 2022: Detection and response to cyber incidents in numbers
Conscia’s (NIL is part of Conscia Group) Security Operations Center (SOC) grew this year, both in terms of business volume (number of clients) and team capacity. This alone confirms that the effective handling of cyber incidents is very important for the business’s overall security.
Allow me to highlight a few numbers from Conscia’s SOC in 2022:
- More than 37000 security alarms required a review by a security analyst.
- More than 3500 confirmed malicious activities and limited incidents.
- Tens of new clients from across all of Europe.
- Upgrade of the core managed detection and response service (MDR).
- SOC team growth: We hired T1 and T2 SOC Analysts and invested in additional competencies in Threat Hunting, PlatOps, Purple Teaming, Analytics Creation and Detection Tuning, and Threat Intelligence.
Together with our Incident response team, we intervened in 5 extremely serious incidents. This means that the companies were forced to cease operations for a while due to the cyber incident. I am extremely proud that we have managed to identify, isolate, and prevent the attacks from causing bigger business damage.
All these statistics emphasize the importance of efficient detection and incident management for stable businesses. We’re confident that it will remain so. That is why we would like to share some “New Year’s resolutions” to help you efficiently fight cyberattacks in 2023.
Cybersecurity in 2023 – best practice examples
In the upcoming year, Conscia’s SOC will pay the most attention to developing top personnel and technologies, mainly in the areas of security orchestration, automation, and increasing security incident response capabilities. Most companies cannot afford their own internal SOC, yet their “blue teams” still have to fight against cybercriminals daily the best they can. To make work in such circumstances easier and more efficient, I recommend the following good practices:
- Identifying the root cause of the attack or the entry vector of compromise is key:Once we confirm a security incident, let’s not rush into decisions. Errors in this step can reduce the effectiveness of the subsequent response. A typical procedural mistake is to immediately restore the affected systems to the state before exploiting the critical flaw without first confirming the actual cause of the attack and taking care to protect the evidence adequately. Restoring an infected system (without investigation and remediation) gives a motivated criminal a new opportunity to attack.
- The already established preventive measures define the efficiency of detecting security deviations and defense success. If you do not have measures, implement them: In organizations with reduced preventive capabilities to protect and harden information systems, the effectiveness of detection and response is also lower. Lax implementations of security policies give criminals more room to disguise attacks in legitimate business communication channels. The ability to unambiguously detect cyber incidents is significantly higher in information environments with established technical controls (e.g., limiting privileged users, assigning access and rights according to the principle of zero tolerance, etc.).
- Detecting efficiency and other security operations can become hindered without an integrated security visibility. Invest in visibility and identity protection. In the future, attackers will pay a bigger focus on compromising the identities, systems (e.g., workstations, servers, data warehouses), and information assets in the cloud. Comprehensive security visibility of all IT ecosystems (not only the network, but preferably identities, endpoints, and cloud services) is therefore absolutely necessary in security operations.
We firmly believe that these measures will significantly help you in 2023 to have a more secure and consequently more successful business.
If you need help with the comprehensive management of cyber risks, Conscia’s experts are here to assist. Conscia will continue to invest in capabilities that help our customers efficiently protect their businesses against cybercrime.